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SCO Files for Ch.11 Bankruptcy 

Novell, Red Hat and IBM are off the hook until SCO reorganizes 



BY ALEX HANDY 

The cavalry failed to come over 
the hill in time to save The SCO 
Group, which has filed for 
Chapter 11 bankruptcy. The 
move puts a halt on all litigation 
currently pending trial, and 
places SCO in a position to cir- 
cle its wagons and plan its next 
move. 

"We want to assure our cus- 
tomers and partners that they 
can continue to rely on SCO 
products, support and services 
for their business critical opera- 
tions," Darl McBride, president 
and CEO of SCO, said in a state- 



'SCO's filing of Chapter 11 is the final statement in 
a lesson which will long be remembered by the 
software industry/ 

—Jim Zemlin, executive director of the Linux Foundation 



ment. "Chapter 11 reorganiza- 
tion provides the company with 
an opportunity to protect its 
assets during this time while 
focusing on building our future 
plans." There were no further 
comments from SCO officials. 

While McBride is hoping to 
reinvent the company, lawyers 



at IBM, Novell and Red Hat are 
getting a breather. In March 
2003, SCO filed its first anti- 
Linux lawsuit against IBM, and 
then followed up in August with 
a suit against Red Hat. The next 
year, AutoZone and Novell were 
both sued as well. These and 
other lawsuits alleged that the 



Linux kernel infringed upon the 
intellectual property rights asso- 
ciated with Unix, which SCO 
claimed it owned. 

But on Aug. 10 of this year, 
U.S. District Court Judge Dale 
Kimball ruled that Novell, not 
SCO, owned the rights to Unix. 
When he issued another ruling 
on Sept. 7 that denied SCO a 
jury trial in its case against Nov- 
ell, the options for McBride and 
his company began to evaporate. 
SCO's Sept. 14 filing in U.S. 
Bankruptcy Court may have 
been driven by this case as much 
continued on page 18 ► 



ISO Says 'No' 
To Open XML 
As a Standard 

BY DAVID WORTHINGTON 

Microsoft's Office Open XML 
(OOXML) specification has 
been detoured off the ISO fast 
track amid accusations that 
highwaymen attempted to hijack 
the voting process. 

On Sept. 2 the ballots closed, 
and the software giant failed to 
attain support from enough 
International Organization for 
Standardization (ISO) members 
for the fast-track approval of 
OOXML as an ISO standard. 
The proposal must be reworked 
for reconsideration next year. 

OOXML is a family of docu- 
ment specifications for presenta- 




Microsoft's Robertson believes that 
a second vote, set for February, will 
result in OOXML's approval. 

tions, spreadsheets and word 
processing created by Microsoft, 
and is also known as Open XML. 
Ecma International ratified 
OOXML as ECMA-376 in 
December 2006 and submitted 
the standard to ISO/IEC JTC 1 
continued on page 36 ► 



GlassFish Shatters 
Preconceptions 



Sun's Java EE server g 
enterprise features as 

BY ALEX HANDY 

Sun Microsystems is setting new 
bait, attempting to hook more 
business with its application 
servers. Version 2 of the Glass- 
Fish open source Java EE 5 
application server was released 
for download on Sept. 17 at 
glassfish.java.net. At the same 
time, Sun Java System Applica- 
tion Server 9.1 was released, 
aimed at enterprises seeking cor- 
porate support for GlassFish. 
Both application servers now 
include improved clustering 
capabilities, faster performance 
and the benefits of collaborations 



ains clustering, same 
commercial offering 

between Sun and Microsoft. 

But Sun is now offering the 
same technology in each, making 
the choice more about licensing 
and support than feature sets. 
When Sun set out to create 
GlassFish version 1, the compa- 
ny's main goal was simply to 
build a reference implementa- 
tion, explained Ken Drachnik, 
community development and 
marketing manager at Sun's open 
source group. Over time, he said, 
many enterprise-focused fea- 
tures appeared in the Sun Java 
System Application Server, 
continued on page 18 ► 



BEA's Future 
Outlined in 
Registry 
Repository 

BY ALEX HANDY 

SAN FRANCISCO — At his 
company's BEAWorld confer- 
ence on Sept. 11, BEA CEO 
Alfred Chuang detailed his vision 
for a future based on metadata, 
customizable applications and 
Adobe Systems' Flex RIA plat- 
form. Chuang also announced a 
new partnership with Adobe to 
bring Flex into the hands of BEA 
Workshop users, and introduced 
a new version of the company's 
services registry. 

The BEA AquaLogic Registry 
Repository 3.0 will track all of 
the services hosted within an 
organization, and will provide 
facilities for easier discovery and 
governance of those services. 
The software is built around 
BEA's metadata interoperability 
framework, which seeks to nor- 
malize the information that 
describes various software arti- 
facts, and to automate the collec- 
tion of such data. 

Also included in the new ver- 
sion of the AquaLogic Registry 
Repository are best practices 
and governance capabilities 
designed to help corporate 
developers stay in step with one 
another. The registry's Eclipse 
plug-in was updated as well. 
The newly released registry 
repository will also work hand in 
hand with BEA's AquaLogic 
Enterprise Repository, based on 
continued on page 36 ► 
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A Drag & drop grid elements within 
the Visual Studio 2005 design surface. 
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Enhanced Smart Tag Wizard provides 
most features to limit the need to 
access code or the properties grid. ▼ 
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♦ Specifically designed for Visual Studio 2005 and ASP.NET 2.0 

♦ Revolutionary design-time experience for complete ease of use. 

♦ Unprecedented control for the end-user at run-time. 

♦ Dynamic aesthetic features for data presentation and analysis. 

♦ The most innovative functionality of any grid ever developed! 
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A AJAX-enabled run 

time interface provides 

toolbars and settings 

such as motifs. The 

elegant "Ghost Bar" 

provides end users with features such 

as data copying, grouping, sorting & 

filtering, hide or show columns, plus 

font selection, size, style & color. 
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They said it would never happen. 
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States Split on DOJ's Microsoft Status Report 

A contingent of states led by California is seeking to extend antitrust provisions 



BY DAVID WORTHINGTON 

The U.S. Department of Jus- 
tices report card is in, and the 
states are split on whether or 
not Microsoft's 2002 consent 
decree with the federal govern- 
ment has curbed its anticompet- 
itive behavior. 

The DOJ declared on Aug. 
31 that the final judgments are 
succeeding in the goal of reinvig- 
orating competitive conditions 
that Microsoft had suppressed. 
However, a group of states led by 
California told U.S. District 
Court Judge Colleen Kollar- 
Ko telly in Washington, D.C., 
that Microsoft's compliance with 
the terms of the antitrust settle- 
ment exerted minimal influence 
on its behavior. 

The DOJ filing cites specific 
developments in the marketplace 
as evidence that the market 
was competitive, including the 
growing popularity of alternative 
Web browsers, Apple's iTunes 
and Adobe's Flash for handling 
multimedia content, the in- 
creased use of Web services over 
client apps, and decisions by 
some OEMs to offer computers 
preloaded with Linux. 



"The final judgments have 
been successful in protecting 
the development and distribu- 
tion of middleware products 
and in preventing Microsoft 
from continuing the type of 
exclusionary behavior that led 
to the original lawsuit," Thomas 
O. Barnett, assistant attorney 
general in charge of the DOJ's 
antitrust division, said in a 
statement. "The Antitrust Divi- 
sion has made enforcement of 
the final judgments an impor- 
tant priority and will continue 
to vigorously enforce the 
antitrust laws in computer soft- 
ware markets." 

The states of Louisiana, 
Maryland, New York, Ohio and 
Wisconsin filed jointly with the 
department to resolve the 
antitrust case against Microsoft. 
California, Connecticut, Iowa, 
Kansas, Massachusetts and Min- 
nesota, plus the District of 
Columbia, filed a dissent. 

CALIFORNIA STEAMING 

The California-led group stated 
that the success of the final judg- 
ment should not be measured by 
the extent of plaintiffs' diligence 



or Microsoft's compliance. 
Rather, it emphasized what 
impact the judgment has had on 
competitive conditions. By that 
standard, the dissenters view it 
as a dismal failure because 
Microsoft's power remains undi- 
minished with regard to key pro- 
visions of the judgment. 

Specifically, the dissent cited 
provisions relating to middle- 
ware, and claimed Microsoft's 
market power is undiminished. 
The states contend that the 
only impact the judgment has 
had on Microsoft has been the 
cost of producing oft-delayed 
technical documentation. 

The dissenting filing reads: 
"Microsoft's commingling vio- 
lation has not been effectively 
addressed, Microsoft remains 
in possession of the fruits of its 
violation, and the competitive 
conditions antedating Micro- 
soft's anticompetitive conduct 
have not been restored. The 
California Group will be pre- 
pared to discuss at the next 
Joint Status Conference what, 
if any, changes the Court might 
consider with respect to the 
remedy in this case." 



The DOJ emphasized that 
the antitrust judgment was nev- 
er designed to reduce Micro- 
soft's market share, as it was not 
found to have increased its 
monopoly market share illegal- 
ly. Therefore, the department is 
satisfied to permit most provi- 
sions of the settlement to expire 
in November, with the excep- 
tion of the judgment related to 
protocol licensing that has been 
extended until November 2009. 

Microsoft agreed to the 
extension, which was approved 
by the district court in 2006. 
Microsoft also agreed that the 
DOJ and state antitrust agen- 
cies may apply to the court in 
fall 2009 for an extension for all 
parts of the extended provisions 
of the final judgments for a peri- 
od of up to three years, accord- 
ing to the department's filing. 

Microsoft published a glow- 
ing assessment of the decree's 
effectiveness and assailed the 
California group's arguments, 
stating that the judgment was 
never intended "to bring about 
fundamental structural changes 
in the IT industry or to override 
choices made by consumers 



about which PC operating sys- 
tems or other software products 
they would use." 

EXTENSION UNTIL 2012? 

The California-led camp plead- 
ed its case on Sept. 11 at the 
District Court's status meeting. 
The states requested that the 
provisions be extended five 
years until 2012, well into the 
tenure of a new U.S. adminis- 
tration that may hold a different 
view on regulation and relief. 

The dissenting states have 
until Oct. 15 to formally present 
their request to Kollar-Ko telly 
by laying out their terms and 
rationale. At the hearing, the 
Justice Department and its sup- 
porting states requested more 
time to decide how best to 
respond to the California-led 
group's proposal. 

Microsoft spokesman Jack 
Evans responded to the latest 
twist in the antitrust saga via 
e-mail: "We're a bit surprised 
that a few states are now 
requesting an extension of the 
consent decree, since they indi- 
cated just last month that they're 
not too fond of it." I 



BEHIND THE SCENES, SERVICES GIVE BOOST TO SAAS SUCCESS 



BY JENNIFER DEJONG 

As software as a service makes 
serious inroads, a sub-industry 
is quietly growing up behind it, 
making it easier for companies 
that sell software as a service to 
succeed. 

SaaS enablement companies, 
as they are sometimes known, 
help SaaS providers address 
issues such as billing, perfor- 
mance analysis and technical 
support. And they may also sup- 
ply more specialized services, 
such as bundling several SaaS 
products into a single offering, 
or tailoring existing software to 
suit the new delivery model. 

"[Providers of] SaaS applica- 
tions have to do things that 
[providers of] traditional, li- 



censed applications don't have to 
do," said Treb Ryan, CEO of 
Op Source, which has an on- 
demand Web application deliv- 
ery platform. First, there are the 
basic things: hosting the software 
so customers can access it on the 
Web, provisioning user accounts 
and passwords, delivering tech- 
nical support, and making sure 
performance is up to par, he said. 
The most sophisticated SaaS 
applications, however, do more 
than that. They make it possible 
for corporate customers to sign 
up and manage the billing 
process online, and also view 
performance metrics. That lets 
them see, for example, how long 
it takes the typical customer rela- 
tionship management software 



HELP IN MOVING TO THE SAAS MODEL 



SaaS enablement providers ease the job for ISVs by: 

• Provisioning user accounts and passwords. 

• Monitoring usage and managing billing. 

• Analyzing performance and reporting relevant metrics, such as 
how long it takes an application to carry out key transactions. 

• Offering tech support for end users. 

• Providing a range of application development services. 



user to create a sales report, or 
the average latency that occurs 
when a video clip is played. 
When selecting a SaaS provider, 
"no one says, 'Who has the best 
billing system?' " said Ryan. "But 
if you don't have those things 
today, it's a detriment." 

OpSource's OnDemand of- 
fering is aimed at ISVs and 
starts at about US$20,000. 

The key promise of SaaS 
enablement providers is to free 
software makers to concentrate 
on what they do best: develop- 
ing and selling software, 
said WebAppCabaret president 
Gabriel Wong. That's particular- 
ly important for small software 
makers, he said. "They often 
lack the resources to manage 
servers, deploy applications and 
provision new users." WebApp- 
Cabaret's key offering of the 
same name automates those 
three tasks. It's aimed at small 
software makers that typically 
sell niche-specific software and 
serve relatively few customers, 
and starts at US$200 per month 
for a single server. 



The best SaaS offerings are 
written with the SaaS delivery 
mechanism in mind, said Nav- 
iSite senior vice president of 
hosting Mark Clayman. The 
company offers hosting, perfor- 
mance and billing services for 
ISVs that "come to us with code 
in hand." And it also works with 
customers before they start 
coding, in much the same way 
that other application develop- 
ment service providers do. 

Worldwide revenue for 
enterprise SaaS software is 
expected to surpass US$5.1 bil- 
lion this year, a 21 percent 
increase from 2006 revenue, 
according to research firm 
Gartner. Jamcracker aims to 
capitalize on that growth by 
bundling SaaS products from 
several software makers into a 
single offering, said company 
vice president of marketing 
Steve Crawford. The company 
combines e-mail, anti-virus and 
back-up software, for example, 
as a package that can be provi- 
sioned, deployed and support- 
ed as a single offering. 




In the future, software will have to 
be available online, according to 
OpSource's Ryan. 

OpSource's Ryan said that 
while "change never happens as 
fast as we think it will," the 
recent growth in the SaaS mar- 
ket marks the beginning of a big 
shift in how software is sold and 
used. "The upcoming genera- 
tion doesn't do anything they 
can't do online," he said. But 10 
to 15 years down the road, 
these kids will be in business. 
"And any software they use will 
have to be online." I 
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CollabNet Platform 'Fulfills What ALM's About' 

Maker of Subversion tries to nudge its way into application life-cycle market 



BY JEFF FEINMAN AND 
DAVID RUBINSTEIN 

CollabNet in September re- 
leased version 5.0 of CollabNet 
Enterprise Edition, which 
CEO Bill Portelli is calling a 
push into ALM — or, as Portelli 
prefers, software development 
life cycle. 

"ALM for me is synonymous 
with tools, people and process," 
he said. "But flexibility is need- 
ed to manage the development 
life cycle. When we thought 
about ALM, we realized most 
folks want a process that assists 
them, but doesn't get in their 
way or harness them." 

What separates CollabNet 
in the space, Portelli said, is 
the technology's foundation in 
openness and being distrib- 
uted. The Enterprise Edition 
can be customized to an orga- 
nization's process, design goals 
and objectives, he added. 

When users start projects 
with this software, they can 
choose from three different 
process libraries — one for dis- 
tributed agile development, 
one based on the Eclipse Uni- 
fied Process, and a baseline 
process based on peer review. 
Then, any of those can be cus- 
tomized via wiki-style editors, 
the taxonomy can be changed, 
and it can be locked down and 
stored, Portelli explained. 

Yet many people think of 
ALM more in terms of tools 
than they do process; Portelli 



1-iKt ttlhVlr*W. ■ - - I ■ I ■■ - 



fU [* Bin lyw JoAiBf-j ]um Ijita 

" "3 



- ■ .* w 







y ^d H 

|j '■'■■-■■ — ■■'■ -■' 

| 
Ll 

l_! ii 

u >*.|rW.hi T d„jjMr 

ij -*■■■■— — --' ■•■■* — 

_ i-'l ^-KtA ^ 



*PH |» -3*^1= :J * J$I & S P D V 



/I _SfihJ* _ - _l ^J* 

With its new reporting capabilities, CollabNet Enterprise Edition can give project managers information on which 
projects are used most often. 



emphasized that CollabNet is 
an open framework into which 
third-party tools can be inte- 
grated. He also noted that 
CollabNet already has the 
Subversion software configu- 
ration management built in, as 
well as an issue tracker for 
defining and capturing re- 
quirements, and a project and 
task management tool. 

In addition, CollabNet 
offers CUBiT, a visualization 



platform that development 
teams can access and work in 
with their own build setups. 

The new version of Collab- 
Net Enterprise Edition has an 
API to enable users to gather 
information regarding pro- 
jects. New reporting capabili- 
ties in the tool can gather 
more information from arti- 
facts. It is the first release that 
brings some of the core trans- 
action data that is captured in 



Subversion, and users can 
report on that, said Isabelle 
Dumont, senior vice president 
of product marketing. Users 
can track the level of activity 
on their repositories and check 
code in and out. 

"Part of the reason we did 
that is to bring [these reporting 
capabilities] into the CollabNet 
desktop," Dumont said. "It's 
almost like we're developing a 
new interface that makes it visi- 



ble to the Eclipse environment, 
and we are bringing some of the 
artifacts and management capa- 
bilities to the desktop." 

CollabNet Enterprise Edi- 
tion allows customers to inte- 
grate outside tools, such as HP 
Quality Center, which can bring 
the QA team management 
capabilities. "We've worked 
with a lot of our customers, like 
Oracle, on their processes. A lot 
of companies that are very 
sophisticated around ALM 
already have processes defined, 
so what they've done is put that 
into a platform." 

CollabNet brings in a 
framework for companies to 
streamline the development 
infrastructure. Dumont said 
that a lot of the company's cus- 
tomers find that they might 
have 10 or 15 different SCM 
tools being used by teams 
throughout the organization. 
When looking to reduce that 
number to two or three tools, 
Subversion is usually on that 
short list, she said. 

Regarding the move into 
ALM, Dumont said, "It has all 
the components needed to ful- 
fill what ALM is about. We 
have ALM templates for the 
RAD methodology, for the 
agile methodology, and we 
have some key customers 
building their own templates 
and talking about sharing that 
back with the community of 
CollabNet users." I 



Kovair Links Disparate Tools 

With ALM 2.0 in mind, company releases Omnibus Integration Bus for IT 



BY JEFF FEINMAN 

Specialized ALM tools can 
often benefit from connections 
with one another. Kovair Soft- 
ware has created Omnibus 
Integration Bus for IT, 
which can integrate dis- 
parate ALM tools from dif- 
ferent makers. 

Omnibus, which was 
announced on Sept. 17, 
serves as a linking tool 
between different aspects 
of the application life cycle, 
including requirements 
management, project and 
portfolio management, and 
change management. 

Sky Basu, Kovair's 
CTO, explained that the 



Web services-enabled Omni- 
bus "can bring different tools 
running on disparate hardware 
and software platforms togeth- 



er even when they are physi- 
cally located anywhere in the 
world." 

According to Basu, Omnibus 




Omnibus Integration Bus for IT can link ALM tools running on disparate platforms. 



offers the ability to drastically 
reduce the number of integra- 
tions necessary among individual 
tools. Products that Omnibus 
can work with include HP 
Quality Center, Perforce, 
Visual Studio and Visual 
SourceSafe, Basu said. 

Omnibus also provides 
a process automation en- 
gine and integrated data 
repository for manage- 
ment reporting and trace- 
ability functions. 

"One of the big prob- 
lems is that there is no real 
integration among tools," 
Basu said. "Even when a 
vendor says . . . 'We have 
integration between our 



own tools,' it's not a very good 
integration. That's one of the 
big problems in the industry — 
there are lots of tools, but the 
tools don't talk to each other." 

Kovair has adopted For- 
rester senior analyst Carey 
Schwaber's concept of ALM 
2.0, which preaches the virtues 
of bringing processes and tools 
together, and giving developers 
the ability to pick and choose 
features from different tools. 
In this view, ALM 2.0 focuses 
on the integration between 
tools, rather than the tools 
themselves. 

"Once you have that integra- 
tion, there are three areas 
which have to be delivered 
across these tools," Basu said. 
"The first one is the process, 
the second is traceability across 
these tools, and the third is 
reporting." I 







^R^ 




At Vitria Technology we did something 
unique in the software industry: 

We actually listened 

to what you wanted, 

then we built it. 



Business Accelerator™ & Resolution Accelerator 1 



So we built it for you. The result? 

Business Accelerator and Resolution Accelerator. 

Products that work with your existing IT infrastructure, that preserve your freedom to add any application you 
need with no vendor lock-in, and resolve your process exceptions with minimal human involvement 

■ Open and agnostic architecture life with you existing and futjie systems 

• Complete product suite fan SOA implemerthon and event-driven integration 

* Unified solution br integrating system and people in brig-running business processes 

# Scales easily from basic integration to supporting complex, high volume processes 

» Unique exception resd urtron product eliminates process delays and reduces operational costs 

* Depbys 0*1 J2EE-cofrpliant application server from mullfcle vendors 



For more informafiorfi please call (877) 365-5935 w email at infofgvitriaxom. 

Vftna Technology - TTie Power at Choice 



^VITRIA 

www.vitria.com 



8 



NEWS 



Software Development Times 



, October 1, 2007 , 




VA N TAG E PolfclT 

WPF CONTROLS 




I'illn-. hrw- tJ.um Hdi-. yii-n li f U ,■*! Ii-r# kHjpL l«tx "■« lihn J!f ilMjir 



WPF Controls Never Looked Better 




Vant^tPainl WPF Ctmlroh fii Aurora 

VantsgePcHnt WPF Controls )s a suite of highLjr- 

custnmizable controls designed for displaying and 
m.onltorJrog ksy perform ana? Indicators in graphically 
Intense applications - from Industrial controls and 
manufacturing software to medical and financial 
systems. Using M i c ro^cift , WET 33 3& the ptetfcir m , 
Vantage^oint is written entirety kn WPF and can 
participate in dara binding and styling. 

The components are compatible with the Aurora 
XAML Designer hy Mobifcrm and Visual Studio and 
Expression Blend by Microsoft* 

Mi* the simplicity of Vantage Point with the power of WPF 
and you'll find creating intuitive screeni has never been easer! 



Silverlight Goes Gold; 
Support Extended to Linux 



BY DAVID WORTHINGTON 

Microsoft has decided that it is high 
time for Silverlight to shine, in every 
corner. The final bits of the Silverlight 

1.0 runtime became available for down- 
load in early September, and Microsoft 
gave assurances that a fully supported 
Linux port is forthcoming. 

The Silverlight platform, which was 
unveiled in May at MIX07, is a plug-in 
that works with multiple Mac OS X and 
Windows Web browsers; Firefox, 
Internet Explorer and Safari are sup- 
ported. 

Silverlight, formerly known as Win- 
dows Presentation Foundation (WPF) 
Everywhere, implements facets of WPF, 
the graphical subsystem of .NET 3.0 and 
part of Windows Vista, to provide ani- 
mation, vector graphics and video play- 
back capabilities for the Web. 

The 1.0 release is Silverlight s most 
primitive distribution and does not con- 
tain Common Language Runtime 
(CLR), as version 1.1 does. Silverlight 

1.1 features the slimmed-down Core 
CLR, which has been optimized for 
the Web. 

The September preview of Sil- 
verlight 1.1 also became available to 
developers in September. It delivers 
various bug fixes and performance 
enhancements, and includes support 
for Language Integrated Query 
(LINQ). 

Microsoft chief software architect 
Ray Ozzie ushered in Silverlight, stating 
that developers and designers can use 
Silverlight to deliver high-definition 
experiences to individuals by integrating 
data and services in rich and unique 

MICROSOFT'S 
SILVERLIGHT LINEUP 

Already, Microsoft has picked up a 
broad spectrum of early adopters 
including ISVs, media companies and 
systems integrators, as well as compa- 
nies making tools for Silverlight. 

Those pledging their support 
include: Advection.NET, Akamai Tech- 
nologies, Anystream, Blitz, BUYDRM, 
CacheLogic, Cynergy, EdgeCast Net- 
works, Electric Rain, Granicus, 
IdentityMine, Inlet, Internap, iStream- 
Planet, Level 3's content markets 
group, Limelight Networks, Liguid 
Compass, MPS Broadband AB, Nar- 
rowstep, Pinnacle, Resolute, REZN8, 
Schematic, Skinkers, Sonic Solutions, 
Tarari, Telestream, Twofour Digital, 
VeriSign and Winnov. 

Source: Microsoft Silverlight RTW Third Party 
Quote Sheet, Sept. 5 



ways. Ozzie predicted that Silverlight 
would accelerate the growth of rich 
interactive applications on a variety of 
devices. 

A partner initiative was launched in 
conjunction with today's releases. 
Microsoft is attempting to build an 
ecosystem around Silverlight by partner- 
ing with content delivery providers, 
design agencies, solution providers and 
systems integrators. 

A DANCE IN THE PALE MOONLIGHT 

In addition, Microsoft has embraced 
Novell's Linux port of Silverlight, 
dubbed Mono Moonlight. Parimal 
Deshpande, a group product manager 
in Microsoft's UX Platform and Tools 
group, said that customers have asked 
for a Linux port of Silverlight, and not- 
ed that they will get it. But only Novell 
will support the implementation, 
Deshpande noted. 

Miguel de Icaza, vice president of 
developer platforms for Novell and 
leader of the Mono project, said that 
the Moonlight implementation of Sil- 
verlight 1.0 is slated to ship in March 
2008, and that the goal for Mono is to 
ship a port of Silverlight 1.1 fairly 
quickly after its Windows counterpart 
is released. "Today we have parity 
with 1.1," de Icaza wrote in an e- 
mail. 

"The [Silverlight] experience will be 
identical on Linux. It is our intent — 
based on [customer] feedback — to sup- 
port Linux, and we do expect to support 
it for the foreseeable future," said 
Deshpande. 

As first reported by SD Times, 
Microsoft has nurtured the development 
of Moonlight since its inception. 

At the time, de Icaza said that 
Microsoft donated its opinion and 
guidance on how to build a Mono- 
based implementation of Silverlight 
that runs on Linux. Scott Guthrie, gen- 
eral manager within the Microsoft 
Developer Division, collaborated with 
de Icaza, and according to de Icaza, 
strongly inspired the project with his 
recommendations . 

de Icaza itemized the conditions 
of Novell's agreement with Microsoft 
in his blog shortly after Silverlight 
became generally available. Accord- 
ing to de Icaza, Microsoft will give 
Novell access to test suites for Sil- 
verlight to ensure that Mono has a 
compatible specification, provide 
access to the Silverlight specifica- 
tions beyond what is published onto 
the Web, and make codecs for audio 
and video available to users of Moon- 
light from Microsoft's Web site. I 
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, COMPANIES , 



The Mozilla Foundation on Sept. 6 registered the 400 mil- 
lionth download of the Firefox Web browser . . . TIBCO 
Software released version 3.5 of the Web-based General 
Interface development environment. The new version includes various 
speed increases, including better performance under Internet Explor- 
er 6 .. . SOA analyst firm ZapThink has acguired the Linthicum 
Group, a consulting firm also focused on SOA. As part of the move, SD 
Times columnist David S. Linthicum joins ZapThink. The company will 
now offer SOA advisory that includes understanding, defining and 
implementing enterprise SOA and product strategy guidance . . . IBM 
has teamed with Strikelron, which distributes live data over the Web, 
to deliver Strikelron's Web services via IBM's - Tll¥ - f |Bfl|| 
QEDWIKI enterprise mashup builder. Strikelron is ^TRIKEjflAOH 
publishing seven widgets on IBM's alphaWorks Web 2.0 content repos- 
itory server for public use, including widgets that deliver programmat- 
ic communication to contacts via text messaging, and enable driving 
directions to be integrated in any application. 



, NEW PRODUCTS , 



A new Adobe Flex SDK for the Lightstreamer real-time text data dis- 
tributing tool has been released, with the goal of developing Light- 
streamer clients based on Flex and Flash technologies. The new Flex 
SDK features a native ActionScript3 library that communicates with 
the Lightstreamer Server and offers a high-level API . . . Microsoft has 
unveiled the Works with Windows Server 2008 certification program, 
which establishes baseline application compatibility with the Windows 
Server 2008 operating system; a Certified for Windows Server 2008 
logo is awarded to validated applications. Microsoft said that the pro- 
gram is open to independent software vendors, while system adminis- 
trators can also use the tools to test their applications, whether devel- 
oped in-house or purchased. 



UPDATES, 




ALM provider Polarion has released Polarion ALM for Subversion 

3.0. The new release offers enhanced dashboards and metrics, and an 
open API for integrating the product with other tools. It 
comes in three editions: Team for developers, Enterprise 
for project managers, and Multisite that can replicate 
repositories . . . REAL Software, a provider of cross- rauHioP 
platform application development tools, has released version 4 of 
REALbasic 2007. The latest version of the tool includes Ubuntu sup- 
port, faster ODBC execution and enhanced debugging with properties 
that simulate command-line arguments . . . Indigo Rose, which offers 
~» | 'P ' i software development life-cycle management 

■ T[Qt tools, has released TrueUpdate 3.0. It allows pro- 

grammers to integrate an automatic updating 
feature into applications and includes automatic 
firewall and proxy server negotiation, a stand- 
alone client, and a project wizard that offers help . . . Developer 
Express has announced Refactor! Pro 2.5, the company's IDE pro- 
ductivity tools for Visual Studio that focus on efficiency and speed of 
coding. The new version has code refactorings aimed at C#, such as 
extracting XML literals as resources. 




PEOPLE 



Richard Faint was named president and CEO of Solstice Software, a 
provider of automated end-to-end testing of integration and SOA. 
Faint, who was already serving as chairman of the board, has served in 
CEO positions with Impact Labs, a Maryland-based software company, 
and Sequoia Software, an XML-based portal software provider that was 
acquired by Citrix Systems in 2001 . . . Hewlett-Packard has created a 
new Web Services and Software unit within the Images and Printing 
group, and named former Mercury Interactive CFO David J. Murphy 
as the department's head. Murphy will serve as SVP of the unit, which 
will drive Web services and software applications for monitoring print- 
ing as content moves from the desktop to the Web. I 



A J AX- Based Web 2.0 
Ready for Takeoff 

New research shows strong interest in 
rich Internet application development 



BY ALAN ZEICHICK 

Nearly four out of five organi- 
zations that are doing Web 
development are using, or 
planning to use, Web 2.0 
or rich Internet application 
technologies — and specifically, 
AJAX. That's according to a 
study conducted in July by BZ 
Research. 

BZ Research, like SD 
Times, is a part of BZ Media. 
This particular study had 
responses from 574 software 
development managers, 510 of 
whom said they were involved 
in Web development. For this 
story, the results were filtered 
to consider responses only from 
those 510 individuals. 

When asked if they were 
using, or planning to use, 
AJAX-based Web 2.0 or RIA 
technologies, 78.5 percent said 
they were, 9.7 percent said they 
weren't, and 11.8 percent did 
not know. 

AJAX "allows us to move 
otherwise costly server-side 
processing down to the client; 
allows us to decouple UI and 
Backend; provides flexibility," 
said one respondent, while 
another said that it offers 
"great client side experience 
for a complex Web mapping 
application, easy to create par- 
allel processes that tie in code 
behind with client side code." 

One respondent, who sup- 
ports a school district, wrote 
that AJAX offers "enhanced 
usability for a user-base of hun- 
dreds of thousands of children 
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and teachers. (Every full-page 
refresh is a needless opportuni- 
ty for them to become distract- 
ed.) Shift some of the render- 
ing to client machines — there 
are way more of them than our 
servers!" 

However, for most organi- 
zations, deployment is still off 
in the future. When asked 
about the status of the most 
advanced AJAX projects at 
their companies, only 29.5 
percent said they had actually 
deployed a production system. 
Another 15.2 percent were 
developing production sys- 
tems, 14.0 percent were build- 
ing pilot systems, and 26.8 
percent were still studying the 
technologies and issues. 

As occurs so often with 
development platforms, there 
was a split between the Java 
world and the Microsoft world. 
The most popular application 
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platform being used for AJAX 
(or being considered for future 
AJAX projects) was Java/Java 
EE, selected by 55.7 percent of 
respondents, followed by 
Microsoft ASP.NET/Atlas by 

44.7 percent. Other popular 
platforms were PHP, at 25.9 
percent, Adobes Flash, at 21.8 
percent, and Ruby on Rails, at 
12.1 percent. 

The respondents were also 
asked, "Other than JavaScript 
and XML, which languages will 
you be using for AJAX-based 
development?" The most pop- 
ular was Java, at 54.5 percent, 
followed by Microsoft's C#, at 

35.8 percent, PHP at 27.6 per- 
cent, Visual Basic/VB.NET at 
24.3 percent, Flash/Action- 
Script at 19.7 percent, and 
VBScript at 13.7 percent. 
C/C++ and Ruby were tied at 
11.5 percent. 

Of course, not everyone is a 
fan of AJAX as the solution for 
developing rich Internet appli- 
cations. "AJAX is too complex. 
Browsers are not a proper 
platform for RIA — on the con- 
trary they are an obstacle and 
AJAX is supposed to be the 
way to circumvent around the 
obstacles of the browser. True 
RIA is a browser-free solu- 
tion," said one. Another 
offered a more practical con- 
cern: "Sometimes AJAX can 
introduce usability issues, 
since it 'breaks' the simplicity 
of the Web applications, so we 
are not going to use it on every 
project." I 




an you achieve application quality 
'ithout application security? 




Many companies are under the impression that testing for web applica- 
tion security simply involves a cursory check for easy-to-guess user 
names and passwords. Yet application security testing can and should 
involve more complex audits, such as testing for SQL injection and cross- 
site scripting vulnerabilities. Often this sort of review does not happen 
until the web application is in production, when it is too late to stop a 
hacker or a malicious program from attacking and much more expensive 
to remediate the vulnerability. 

While quality assurance (QA) departments have traditionally focused on 
functional or performance testing— it is a clear trend that QA is becom- 
ing a critical participant in application security testing. 

Are you ready for security testing? 

There are three ways that your QA department may become involved 
with web application security testing: 

• Your company's web security experts may request that application 
security testing be done by the QA group to ensure that all fixes have 
been implemented and no security holes exist prior to releasing the 
product to production. 

• Your compliance officer— facing concerns about Sarbanes-Oxley 
(SOX), Health Insurance Portability and Accountability Act (HIPAA), 
payment card industry (PCI), etc.— may request that further application 
security testing is performed during the QA process. 

• Your QA department may request involvement with testing for web 
application security, because an application with potential security 
holes is not going to be perceived as high-quality by users. 

No matter how the department gets involved, certain steps will need to 
be taken to establish the application security testing process. It will need 
to be determined whether there will be specific, dedicated staff members 
who will be performing web application security testing, or whether the 
task will be dispersed throughout your entire QA group. In addition, the 
timing of web application security testing during the QA process will 
need to be managed. Ideally, application security testing will be per- 
formed as early as possible, so that developers can fix any security issues 
in a timely manner without compromising the project's schedule. Finally, 
the right software for application security testing will need to be selected 
and implemented. 

The right approach to application security testing 

The QA department will need application security testing software that is 
able to perform three different types of testing to determine the vulnera- 
bilities inherent in each user class: as a non-authenticated user, an 
authenticated user, and an administrative user. Additionally, the web 
application security tool should be able to perform both automated and 
manual crawling/spidering of your web application. 

Automated application security testing software will spider the entire 
application by clicking every button and link, filling out data fields to 
identify the structure of the program, and then auditing each page for 
vulnerabilities. It should do this from the outside in, reviewing each 
portion of the site the way an external hacker might. This comprehensive 
approach is valuable to ensure that all security holes have been 



identified and can be fixed. On the down side, it can also produce false 
positives, and it may not be able to access all of your web pages due to 
the way that certain pages are coded. 

Manual testing allows a user to focus on specific pathways or tasks on a 
website while the software follows silently behind, tracking the process. 
The program can then audit the particular path that the user has taken 
for security vulnerabilities and provide a report. Manually crawling an 
application can be time consuming, but it also ensures that specific 
pages are tracked and analyzed. 

Choosing the right products 

The following basic questions should be addressed when you are looking 
for a web application security testing product: 

• How easy is the product to use? 

• What kind of training will your QA department require in order to 
properly use the product? 

• How well does the product integrate into the tools and software that 
are already used by your organization? 

• How often is the product updated with new security checks— daily, 
weekly, monthly? 

• What is the false positive rate of the product? While no product is per- 
fect, you want to find a product with as a low a rate as possible so that 
your resources are not wasted going through false positives. 

• How well does the product integrate with leading quality management 
platforms? 

• Does the product appear to evaluate each page of your application or 
does it get stuck on certain pages? 

• Does the product allow the end user to easily modify scan settings? 

• What kinds of restrictions are in the product's license? 

• In which formats are reports offered (PDF, HTML, XML)? Are they easy 
to read? Do they contain information on the location of the vulnerabili- 
ty, how to execute it, how to verify it and how to fix it? 

• Will the company allow you to evaluate the product before committing 
to purchase it? Confident vendors will often provide a seven- to 15-day 
evaluation period. 

HP Software makes it easy 

Leading the charge in application quality and security, HP Software has 
recently completed the acquisition of SPI Dynamics, the leader in web 
application security testing. SPI Dynamics technology, which is already 
seamlessly integrated with HP Quality Center software, enables organi- 
zations to assess security vulnerabilities along the entire lifecycle of web 
applications— including development, QA and operations. Customers 
can also use SPI Dynamics software to validate application security and 
quality to meet auditing and compliance requirements, such as SOX. 

To find out more about HP Software's integrated solutions for Application 
Quality and Security, please visit www.hp.com/go/software 



Run a free test of your web applications via our free 15-day trial of HP QAInspect® software 
and get a comprehensive vulnerability report. www.spidynamics.com/QA/ 



© 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such 
products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. 
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Compuware Consolidates Developer Efforts 

Product teams in Massachusetts, Australia, Ireland headed to Detroit, reducing operations costs 



BY JEFF FEINMAN 

Compuware is planning on cen- 
tralizing some development 
efforts and thereby eliminating 
approximately 100 jobs by the 



end of February, company offi- 
cials said last week. 

Compuware says it expects 
the job cuts will cost about 
US$4 million, with about half of 



that going toward severance 
costs. However, the company 
estimated that the move would 
decrease its operating costs by 
$13 million per year. 



"This is part of a larger 
effort, to maximize the benefit 
we could get from bringing 
together a lot of our technical 
development effort, and it's also 
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to reduce operating expenses 
by $100 million [in 2008]," said 
Doug Kuiper, director of com- 
munications and investor rela- 
tions for Compuware. 

Kuiper confirmed that the 
positions being cut are within 
the company's product develop- 
ment and technology staff. 

The company also plans to 
relocate some of its product 
development workshops and 
teams. The Strobe application 
performance management 
product team will move from 
Cambridge, Mass., to Detroit. 
Compuware 's Vantage Service 
Manager and its Optimal Trace 
product teams will also relocate 
to Detroit, from Sydney and 
Dublin, respectively. 

SECOND CUTBACK THIS YEAR 

This action is far from Com- 
puware's biggest job cut. Back 
in June, the company eliminat- 
ed nearly 250 employee posi- 
tions as part of a similar product 
realignment. In 2001, more 
than 1,000 employees were cut, 
Kuiper noted. 

"Compuware has been 
doing a lot of cutting back late- 
ly," said Thomas Murphy, an 
analyst with Gartner. "I don't 
have a good read yet on if there 
[are] general health issues, or if 
they are just getting re focused 
and cutting their losses." 

Murphy said that Com- 
puware's testing group, which 
he has covered a fair amount 
recently, seems to be on a good 
path, although it has seen rev- 
enues go down in product suites 
such as the company's DevPart- 
ner debug and testing tools. 

When asked if the company 
will eventually homeport all of 
its development operations in 
Detroit, Kuiper noted that 
development operations in 
Toronto and Amsterdam con- 
tinue, and that there are no 
plans to consolidate those facil- 
ities. He added, "We recognize 
that it's difficult for the employ- 
ees impacted. But there are 
such substantial technical and 
business benefits from this con- 
solidation that the company just 
couldn't ignore those benefits." 

In a filing with the U.S. 
Securities and Exchange Com- 
mission, Compuware said that 
its shareholders approved its 
2007 long-term incentive plan 
at the company's annual share- 
holders meeting on Aug. 28. I 
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Microsoft and Sun Further Partnership 

The rivals will create initiatives to support interoperability between their environments 



BY DAVID WORTHINGTON 

Interoperability can make 
strange bedfellows. In Septem- 
ber, Microsoft embarked on 
several strategic initiatives with 
Sun Microsystems and deliv- 
ered on its promise to set up 
shop with Novell. 

Sun is no longer exclusively 
a Linux and Solaris shop: It has 
signed on as a Windows Server 
OEM and will sell Windows 
Server 2003 running on its 
BAMD- and Intel-based x64 
hardware; Microsoft will make 
the software available within 90 
days. The companies will also 
support each other in virtual- 
ized environments. 

Microsoft and Sun will work 
together to test and validate 
Windows on Sun's server and 
storage products, while Sun will 
expand its presence on Micro- 
soft's Redmond campus with 
a new interoperability center. 
(See "Microsoft, Novell Open 
Joint Facility," page 30.) 

The interoperability center 
will support customers running 
joint Microsoft- Sun solutions in 
areas such as database, e-mail 
and messaging, Remote Desktop 
Protocol support in the Sun Ray 
thin clients, and virtualization. 

SUN'S INTERESTED IN IPTV 

Sun has a specific interest in 
Microsoft's IPTV technologies, 
and will work with Microsoft to 
advance and promote deploy- 
ments of the Microsoft Media- 
room IPTV and multimedia 
platform on Sun's hardware. 

"Sun is now a single source 
for today's leading operating 
systems — Solaris and Win- 
dows — on the industry's most 
innovative x64 systems and 
storage products. Customers 
can now take advantage of the 
virtualization benefits of Win- 
dows and Solaris on Sun's ener- 
gy-efficient x64 systems," said 
Sun's John Fowler, systems 
group executive vice president, 
in a prepared statement. 

Fowler later noted during a 
phone conference with the 
press that all of Sun's customers 
use both Solaris and Windows. 

Solaris will not fall by the 
wayside in the rivals' nascent 
partnership: Microsoft and Sun 
will collaborate to certify 
Solaris as a guest operating sys- 
tem on Microsoft virtualization 
technologies. 

There will be a joint support 



solution between the compa- 
nies for customers virtualizing 
Solaris. 

Microsoft is expected to 
deliver a Community Technolo- 



gy Preview of its Viridian 
hypervisor when it distributes a 
release candidate of Windows 
Server 2008 to testers later this 
year. Windows Server 2008 will 



include a beta version of Viridi- 
an when it ships in 2008. 

The companies began col- 
laborating on interoperability 
in 2004 and since then have 



worked on such issues as iden- 
tity management, systems man- 
agement, thin clients, Web ser- 
vices and Windows Server 



engineering 



Intellectuals solve problems. 
Geniuses prevent them. 



— Albert Einstein 
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Applications 
Aren't Dead Yet 

Rumors of demise at the hands of 
Web 2.0 have been greatly exaggerated 




BY ALEX HANDY 

With the Web semiofficially standing at 
revision 2.0, it's only natural that the office 
would follow suit. Just exactly what the 
next-generation office will look like was 
the topic of much discussion when the 
Office 2.0 conference convened in San 
Francisco at the beginning of September. 
Throughout the show, there was a con- 
stant debate between those expecting the 
software-as-a-service (SaaS) revolution to 
kill large-scale enterprise 
applications, and those 
expecting an equilibrium 
to be established, which 
came to a head in a panel 
titled "Death of the Appli- 
cation." 

Raj en Sheth, a product 
manager at Google, said 
that massive enterprise 
applications aren't vanish- 
ing or being replaced; 
they're simply evolving. 

"There's kind of a reform- Apps are more of an iterative 
ing of what the application thing now, says Google's Sheth. 
really is all about. Rather 
than launching a new project every year 
to deploy new software and upgrade the 
technology, it's become more of an itera- 
tive thing," said Sheth. "You have to stay 
on top of what innovates. You can't afford 
to write new applications all over again." 

Ramana Rao, CEO of the stealth start- 
up iCurrent, said that the Web was simply 
making enterprise applications more 
transparent rather than killing them off 
entirely. "In the early days of any tool or 
concept, you're explicitly aware of touch- 
ing it. Then, eventually, you forget. You 
think, I'm chatting with someone — who 
cares if it's AIM or Yahoo?" said Rao. 
"What you care about are the things 
you're trying to get done: to create docu- 
ments, to create transactions. The stuff in 
between starts to become transparent." 

Rao surmised that the future wouldn't 
be built on top of singular massive appli- 
cations, but rather on smaller ones that 
can be mixed and matched within Web 
pages, or inside desktop applications. 
Massive software suites that do every- 
thing, he said, may be what's dying, 
rather than the application as a whole. 

Danny Koike, CTO of on-demand 
application provider Etelos, noted that 
users see choices today that didn't exist a 
few years ago. He said that the data 
behind the applications is what matters, 
and the way users access that data is 
becoming more and more irrelevant. 

As an example, he cited his own need 
to view Microsoft Word documents. 



Koike said that he needed to see and edit 
these documents, but he didn't actually 
need Word to do so. Thus, as an end user, 
Koike didn't need to consult with his IT 
cohorts before deciding what word 
processor to use — he made the decision 
and explored other options on his own. 

Coghead CTO Greg Olsen, also rep- 
resenting a Web-based application busi- 
ness, agreed with Koike, explaining that 
working in large enterprises now requires 
less internal application 
training. 

"I remember going to 
work at Lockheed Martin, 
where you had two weeks 
of training on their internal 
applications. That notion, 
to me, is gone," said Olsen, 
adding that he hopes to 
reach the point where new 
hires come with their own 
laptops and use their Web 
browser to interface with 
internal applications. This 
model, he said, requires 
little to no training be- 
cause Web apps all have the same inter- 
face paradigms: Point, click, type. 

Google's Sheth sees the main impe- 
tus for this change coming from user 
desires. In the past, he said, the IT man- 
agers had all the power when it came to 
choosing applications and interfaces. 
Now, however, the end users inside the 
company are able to choose from inter- 
nal, external, SaaS or desktop setups, 
and their choices may conflict with those 
of the IT managers, Sheth noted. 

"A lot of previous applications didn't 
focus on the end user. The way that soft- 
ware is typically sold, the user things are 
negotiated with the IT department. But 
the user is becoming more important. You 
have situations where the users will want a 
certain way of operating, and the IT 
department, potentially, wants something 
very different. It's tough to make the appli- 
cations you offer to your users a democra- 
cy. In many ways your job is to make sure 
there is control, so the tough thing is find- 
ing the equilibrium," said Sheth. 

Mark Bagley, vice president of tech- 
nology at BT Group's West Coast innova- 
tion scouting effort, summed up the argu- 
ment in favor of purpose-designed apps 
with aplomb: "If you started fresh today, 
would you create an application that does 
everything for everyone? No, you'd prob- 
ably go vertical. I think we're not going to 
go back to that world of having a platform 
for everything. I think we're going to have 
lots of very specific applications." I 
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Semantic Technologies Meet SOA 



Metatomix's middleware applies business rules, reasoning to data 

BY DAVID worthington important, can they break orga- Sept. 10 saw the release of process rules, and semantic rea- 

Do semantic technologies have nizations' reliance on expensive version 5.0 of Metatomix's soning from industry domain 

a place in software-oriented data warehouses? Metatomix semantic middleware platform, ontologies to information that it 

architecture (SOA), and more believes they can. The platform applies business collects, enabling customers to 
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integrate data and to uncover 
and define relationships. 

"[Semantic technology] eases 
the way to describe and work 
with information," said chief 
technology officer Colin Britton. 
A metadata-based approach 
offers users a network-centric 
view of information stored in 
various silos of data, he 
explained. 

Metatomix 5.0 uses the 
SPARQL RDF query language 
to perform federated queries 
across multiple databases and 
data formats, and now offers 
support for a number of data 
types, including relational, file- 
based and memory-resident, 
said Britton. Support has also 
been added for Oracle llg's 
semantic layer. 

In addition, the new release 
includes reasoning and valida- 
tion enhancements to validate 
semantic data against an ontol- 
ogy, and has an improved busi- 
ness policy engine, licensed 
from an unnamed third-party 
vendor. The policy engine per- 
mits organizations to semanti- 
cally describe business actions 
without writing business rules. 

Another new feature is ser- 
vice links, which are data access 
services that forge links between 
data, creating reusable modules 
out of service profiles. Britton cit- 
ed the example of a state official 
who queries an individual's dri- 
vers license number, where the 
semantic engine evaluates how it 
should respond using business 
rules and ontologies. It directs 
the query to the Department of 
Motor Vehicles, and the registry 
at the DMV answers, with addi- 
tional information that the query 
can use to call other data sources, 
forming a processing chain. 

ENABLES EXISTING STACK 

Metatomix also updated its appli- 
cation development tool, M eta- 
Studio. MetaStudio is an Eclipse- 
based IDE that bundles tools 
and libraries to help developers 
semantically enable apps. The 
IDE enables semantic use from 
within Adobes Flex, through 
Java EE containers to the appli- 
cation platform, said Britton. 

"We don't see our role as to be 
the full stack. People are already 
investing in that stack. We are 
semantically enabling the stack 
that they have, with an intelligent 
processing engine," said Britton. 

"Metatomix is laser-focused 
on providing customers with 
real-world applications of 
semantic technology," said 
Metatomix president and CEO 
Jeff Dickerson. I 
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Sun Offers App Server Unity in GlassFish 



< continued from page 1 

which was developed in parallel 
to GlassFish. But with the 
release of GlassFish version 2, 
Sun has consolidated its Java 
EE application servers into a 
single codebase. 

While GlassFish will remain 



free, it now offers all of the 
enterprise-specific features of 
the Sun Java System Applica- 
tion Server. For example, the 
GlassFish update includes the 
OpenESB support for Java 
Business Integration. Now, the 
only differences between Glass- 



Fish and its commercial twin 
are in the installers: The Sun 
Java System Application Serv- 
er's is richer and capable of 
updating previous installations, 
while GlassFish's is somewhat 
sparse. 

Both application servers 
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The Sun Java System Application Server console features a refined administrative approach to setting up 
application clusters to be deployed across grids. 



include the fruit of Project 
Metro, the label for Sun's 
efforts to support Microsoft- 
based Web services. From a 
Java perspective, Project Metro 
takes the form of an entire stack 
of software built to allow for 
secure communication between 
Java-based services and those 
hosted in Microsoft systems. 

But for enterprises, the most 
notable change to GlassFish 
version 2 may be the inclusion 
of clustering tools. Although the 
application server update offers 
an overall speed increase of 
around 60 percent, according to 
Drachnik, enterprise customers 
can boost that bonus by using 
GlassFish's built-in administra- 
tion tools to help deploy appli- 
cations across grids. 

Also on Sept. 17, Sun 
announced the release of a beta 
version of its NetBeans 6.0 
IDE. This beta includes many 
of the enhancements needed to 
quickly create and deploy 
GlassFish-based applications. 
This is the first beta release of 




More enterprise features have 
made their way into GlassFish, 
says Sun's Drachnik. 

this cycle, and the final product 
should be released sometime in 
November. 

GlassFish version 2 is free to 
download. Sun Java System 
Application Server 9.1 is avail- 
able for US$4,500 per year for a 
single-machine, four-CPU 

license. This includes service 
and support, and has been 
reduced since the last release, 
according to Drachnik, who 
hopes this price drop will help 
to spur adoption. I 



SCO Group Files 
For Bankruptcy 



< continued from page 1 

as it was by the balance sheet, 
since the Novell trial was due to 
begin three days later. 

Bruce Lowry, director of 
global public relations for 
Novell, said that this move 
would indefinitely postpone 
the trial with SCO. "U.S. 
bankruptcy law stays pending 
litigation, so the trial that was 
to have started on [Sept. 17] is 
now stayed. We'll be assessing 
our options for pursuing our 
interests relative to SCO. 
That's all we can say at this 
stage," said Lowry. 

A 'RED-LETTER DAY' 

Jim Zemlin, the executive 
director of the Linux Founda- 
tion, called Sept. 14 a red-letter 
day for Linux, but a sad one 
"for employees, customers and 
shareholders of The SCO 
Group," he said. "SCO's filing 
of Chapter 11 is the final state- 
ment in a lesson which will 
long be remembered by the 
software industry. Since 2003, 
SCO has chosen a business 
strategy of litigation which 



resulted in its bankruptcy. In 
the same period Red Hat, a 
company that chose to offer 
open source and Linux prod- 
ucts, has seen a 400 percent 
increase in shareholder value. 
Legal gamesmanship is no 
match for the power of honest 
innovation," he added. 

Bernard Golden, CEO of 
Navica and author of "Suc- 
ceeding With Open Source," 
said: "The stage manager was 
saying, This fat lady's going to 
sing, and this is going to be 
fantastic,' but then he had to 
come out and say, The fat 
lady's not going to sing, and by 
the way, the opera company's 
bankrupt.' If you look at the 
adoption of Linux since the 
suit was filed, it really hasn't 
been impeded. The value 
proposition is so strong for 
Linux that people said, Til go 
ahead and do it anyway." 

He added that corporate 
Linux users had been confi- 
dent for some time that their 
upstream Linux providers 
would provide indemnification 
against legal action based on 



SCO's claims. 

But not everyone was con- 
vinced of this protection. Dur- 
ing its legal maneuverings, 
SCO sold a number of indem- 
nities to larger competitors, 
such as Microsoft and Sun 
Microsystems. 

These companies, while 
not publicly endorsing SCO's 
lawsuits, have taken strong 
an ti- Linux stands of their own. 
Al Gillen, research vice presi- 
dent of system software at 
IDC, said that those agree- 
ments should still be valid. 

"I guess they continue to 
have indemnification from any- 
thing SCO would do," said 
Gillen. "That's what they 
bought. I don't think the reor- 
ganization is going to funda- 
mentally change [those con- 
tracts]." 

Some critics, though, had 
charged that SCO's offering of 
indemnification licenses was 
akin to extortion. 

Nonetheless, Gillen pointed 
out that SCO's users aren't 
going to abandon the company. 
"They still have a big installed 
base and some resellers. There 
is a customer base. It's not like 
it disappeared completely," said 
Gillen. He added, however, that 
SCO's base has "contracted 
considerably over the last cou- 
ple of years." I 



Virtual Machine Image 
Standards Are Emerging 



BY ALEX HANDY 

Virtualization has advanced to 
the point where individual 
packages of running operating 
system and software must be 
handled in the same way as any 
other data asset: They must be 
stored, saved and passed 
through tools from different 
vendors. In September, the 
Distributed Management Task 
Force (DTMF) accepted a 
draft specification for the stan- 
dardization of virtual machine 
images, or at least as a way to 
make them interoperable. 

Behind the creation of this 
draft specification are Dell, 
Hewlett-Packard, IBM, Micro- 
soft, VMware and XenSource. 
The proposed format is known 
as the Open Virtual Machine 
Format (OVF), and essentially 
encapsulates a virtual machine 
image in an XML wrapper, for 
easier identification and com- 
patibility. DTMF president 
Winston Bumpus noted that 
the OVF specification would 
also link into other virtualiza- 
tion standards being developed 
inside the DMTF. 



The OVF specification also 
includes plans for security fea- 
tures that would ensure the 
integrity of transported virtual 
machines. The overall goal of 
the project is to make IT orga- 
nizations more comfortable 
with the packaging and deploy- 
ing of virtualized environments 
as hosts for critical applications. 

Mike Neil, general manag- 
er of virtualization strategy at 
Microsoft, said "OVF comple- 
ments Microsoft's open Virtual 
Hard Disk format and the 
strong ecosystem of vendors 
that now support it. Microsoft 
continues to be an active 
member of the DMTF virtual- 
ization management efforts, 
and we see OVF as a natural 
extension of our existing stan- 
dardization work in this area," 
said Neil. 

The draft specification for 
OVF must now undergo further 
evaluation and development 
within the DMTF. There was 
no word on when this work 
would be finished, and it is 
unknown when the OVF speci- 
fication will be completed. I 
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MySQL's Falcon Spreads Its Wings 



BY JEFF FEINMAN AND 
P.J. CONNOLLY 

MySQL AB, creator of the 
open source MySQL database, 
had a busy September, as the 
company announced a release 
candidate of MySQL 5.1 Com- 
munity Server, an alpha release 
of MySQL 6.0, a new version of 
MySQL Enterprise and other 
components. 

Database partitioning is the 
most-touted feature of MySQL 
5.1, but there's more beyond 
that. Row-based replication 
writes changes to a log on the 
master server, instead of send- 
ing SQL statements to a slaved 
database. As of version 5.1.8, 
this will be the default replica- 
tion behavior, with the row- 
based option preserved. 

MySQL 5.1 adds support for 
a plug-in API that enables the 
flexible loading and unloading 
of components on a running 
server; a text parser is likely to 
be the first beneficiary of the 
new API. The new release also 
includes a built-in event sched- 
uler, and an overhaul of cluster- 
ing features. 

Along with the MySQL 5.1 
release candidate and the alpha 
of 6.0, MySQL Proxy and 
MySQL Connector/ODBC 5.1 
were expected to become gener- 
ally available in September. 
MySQL Proxy allows users to 
analyze and monitor communi- 
cations between a client and the 
MySQL server. The MySQL 
Connector/ODBC 5.1, as the 
name implies, is an ODBC 
driver that provides client access 
to a MySQL database. 

MySQL 6.0 will be built on 
the new Falcon transactional 
storage engine, which is de- 
signed to run on a variety of 
hardware platforms. The My- 
SQL Falcon architecture con- 
sists of six basic components: 
data files, a log containing data 
and index changes, a page cache, 
a record cache, system memory, 
and worker threads that move 
data from the Falcon log into 
the page cache. 

Falcon can be previewed as 
part of the MySQL alpha, and 
runs on Intel-based Mac OS X, 
Linux and Windows. MySQL 
plans to have a GA release in 
mid-2008. 

The new version of MySQL 
Enterprise, the company's com- 
mercial subscription service, 
aims to ease the management 
of Web sites and critical busi- 



ness applications. A typical sub- 
scription to MySQL Enterprise 
2007 consists of monthly 
MySQL server software up- 
dates, and access to the MySQL 
Enterprise Monitor, which fea- 



tures a new replication monitor 
and a gallery of over 20 graphs 
of distributed database environ- 
ments. Telephone and Web 
support is also provided as part 
of the service. 



MySQL Enterprise is intend- 
ed to simplify database scale-out, 
which "is how many of today's 
largest and fastest-growing 
online companies keep their 
sites up, their IT budgets down, 



and their technical teams sane," 
according to Marten Mickos, 
CEO of MySQL. "[Companies] 
can better manage their growth 
by replicating database servers 
on low-cost commodity PCs. 
Our new version of MySQL 
Enterprise makes database 
scale-out even more affordable 
and easier to administer." I 
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Koders Code Search Goes Pro 



BY ALEX HANDY 

The more code a development 
team generates, the harder it is 
to find something inside that 
code. Koders, the company 
behind source code search 
engine Koders.com, released its 



first enterprise source code 
search tool last year to help solve 
this problem. In September, the 
company released a new tool, 
Koders Pro Edition, that softens 
some of the sharper edges of its 
enterprise product. 



The biggest change from 
Koders Enterprise Edition is 
the simplification of the instal- 
lation process. In Koders Pro 
Edition, all the needed files 
are included in one package, 
rather than relying on prein- 



stalled libraries to handle cer- 
tain tasks. The software runs 
on a dedicated machine, with a 
built-in Web server and 
embedded database for log- 
ging found code. 

And finding code is Koders' 
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No. 1 job. The Pro Edition spi- 
der walks through Subversion or 
CVS repositories, cataloging the 
source code within. Additional 
repositories can be examined 
with simple customizations, or 
with the addition of Koders' own 
preconfigured tweaks for IBM 
Rational ClearCase or Perforce 
repositories. Developers can 
then use the software to find 
what they're looking for inside 
all of these disparate servers. 

But for managers, new 
reports that can be generated 
around source code information 
may be the big draw. Darren 
Rush, CEO of Koders, explained 
that his company has enhanced 
metrics for languages, licenses 
and reuse. 

For development teams, 
Koders Pro Edition is available 
for US$99 per seat, per year. I 

iTKO Virtualizes 
SOA Testing 

BY DAVID WORTHINGTON 

Virtualization isn't just about 
hardware, believes testing 
provider iTKO, which has 
expanded its software's ability 
to simulate load testing by using 
virtualized services. 

iTKO released version 3.6 of 
its LISA SOA testing framework 
at the end of August. LISA lever- 
ages virtualization to run tests 
that invoke and verify at each tier 
of the architecture. It virtualizes 
the behavior of services to lower 
the number of test beds, and 
reduces licensing costs and con- 
tention on hardware. 

The upgrade adds several 
feature enhancements that 
include an expanded set of load 
patterns for simulating user 
traffic, simulation patterns that 
run from multiple servers and 
locations, more automated pac- 
ing of transactions for test cas- 
es, and test synchronization. 

John Michelsen, founder and 
chief architect of iTKO, said 
that the next major release of 
LISA would make broader use 
of virtualization. "As [Business 
Process Management Systems] 
become applications, we want to 
be the best application," he said, 
noting that the pairing of SOA 
and virtualization technologies 
was a match made in heaven. 

iTKO also intends to provide 
more functionality around SOA 
governance runtime policy. Crit- 
ical Path Tracer is a new compo- 
nent being developed to inspect 
environments and perform func- 
tional and performance verifica- 
tions, said Michelsen. I 
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CodeGear Rolls Ruby Onto 3rdRail 



BY ALEX HANDY 

CodeGear's newest IDE, 
released in mid- September, is 
dangerously powerful. 3rdRail is 
a Ruby IDE that focuses heavily 
on automating and simplifying 
the tasks associated with deploy- 
ing applications on top of the 
Ruby on Rails framework. While 
CodeGear already offers Ruby 
IDEs in various forms, 3rdRails 
heavy emphasis on the Rails 
framework makes it stand out in 
a field where the language is 
rarely used alone. 

Michael Swindell, vice presi- 
dent of products and strategy at 
CodeGear, said that Ruby on 
Rails has reached a tipping point. 
"Clearly, we've been seeing 
Ruby on Rails growing in popu- 
larity," said Swindell, who noted 
that enterprises began taking a 
good look at it last year. "That's 
an early indicator of a language 
and platform that's going to 
become a standard. But when 
we look at the tool sets available, 
there's a clear lack of tools that 
are focused on specifically build- 
ing Rails applications." 

Therefore, CodeGear began 



its 3rdRail effort by examining 
the Rails workflow. 

Joe McGlynn, director of 
product management at Code- 
Gear, said his team found that 
"the state of the art today for 
building Rails applications is a 
command line and a text editor. 
It turns out to be a very produc- 
tive way to work. But we thought 
we could improve on that. We 
started building features that 
embodied that mode of working 



within the IDE. One is the 
CodeGear Commanders. If 
you're a new user, you probably 
don't know all those [command 
line] commands. We pulled the 
command line into the IDE and 
added command completion." 

3rdRail also adds more pow- 
erful refactoring tools than other 
Ruby IDEs offer, McGlynn not- 
ed, explaining that it was diffi- 
cult for the team to build true 
multifile refactoring capabilities 



when working with a dynamic 
language such as Ruby. But in 
the end, he added, the effort was 
a success. 3rdRail also includes a 
dependency checker, and tools 
to help developers find the 
methods and tests that are rele- 
vant to their work. 

With 3rdRail versions due for 
Linux, Mac OS X and Windows, 
the CodeGear development 
team found itself in a position to 
solve another Ruby on Rails 



problem: installation. Although 
installing the framework and 
environment has always been 
relatively easy under Windows, 
McGlynn pointed out that Linux 
and Mac OS X have unique 
dependencies and installation 
requirements. But the 3rdRail 
team managed to find a way to 
install the necessary files and 
support infrastructure for Ruby 
on Rails on each of these plat- 
forms. The installer can also load 
MySQL and CodeGear's own 
Interbase database, which is 
available here for the first time 
on Mac OS X. I 



RAD Studio 2007 Delivers Delphi 



BY JEFF FEINMAN 

Looking to help developers 
build Windows and Web appli- 
cations more quickly, CodeGear 
in September released Code- 
Gear RAD Studio 2007. 

RAD Studio is the compa- 
ny's rapid application develop- 
ment (RAD) environment for 
Microsoft Windows, and the 
2007 release delivers the com- 
pany's Delphi for Win32 RAD 
tool, C++ Builder and Delphi 
.NET 2.0 development in a sin- 
gle, integrated environment. 



The company claims that it is 
the only IDE that supports 
rapid application development 
of both native Microsoft Win- 
dows and .NET applications on, 
and for, Windows 2000, Win- 
dows XP and Windows Vista. 

New in RAD Studio 2007 is 
enhanced Delphi support for 
the Microsoft Vista Aero UI, 
Delphi compatibility with 
Microsoft .NET 2.0 and 
ASP.NET 2.0, and the ability in 
Delphi for .NET to use any type 
of data structure as a parameter. 



BlackFish SQL, CodeGear's 
SQL-compliant transactional 
database, is fully integrated with 
the new version of RAD Studio. 
Developers can use RAD Stu- 
dio's Data Explorer to manage 
their Blackfish databases, 
according to company officials. 

RAD Studio 2007 also adds 
Enterprise Core Objects, which 
is a .NET model-driven devel- 
opment framework. Enterprise 
Core Objects allows developers 
to use diagrams to build objects 
and object relationships. The 



dbExpress 4 database, Code- 
Gear's single-source Windows 
database infrastructure, can 
now work with RAD Studio. 

"Just as the Windows plat- 
form and the Web are continual- 
ly evolving, CodeGear's Delphi 
and C + + products are also 
evolving to help developers take 
advantage of these changes, cre- 
ating new opportunities for both 
ISVs and client/server develop- 
ers," said Nick Hodges, Delphi 
product manager at CodeGear. 
"CodeGear RAD Studio 2007 
has new features for developers 
interested in high-performance 
Windows applications." I 
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SOA Software Adds Governance to BizTalk Server R2 

WorkBench uses a Microsoft toolkit to build Web services governance 



BY DAVID WORTHINGTON 

Microsoft often relies on part- 
ner ISVs to extend the out-of- 
the-box functionality to meet 
the requirements of enterprise 
customers. The latest example 
comes in the realm of SOA 
governance, where with the 
release of BizTalk Server 2006 
R2, Microsoft has partnered 
with SOA Software to offer 
essential governance features 
for BizTalk. 

SOA Software WorkBench 
was released simultaneously 
with BizTalk R2 on Sept. 11, and 
adds capabilities such as closed- 
loop governance, dynamic policy 
enforcement and implemen- 
tation, trust mediation and 
bridging, and uniform policy 
management to BizTalk Server. 
(See "BizTalk 2006 R2 Ready to 
Walk the Walk," page 34. ) 

WorkBench also integrates 
with Microsoft's new ESB Guid- 
ance Toolkit. The ESB toolkit 
provides hooks for WorkBench 
to monitor and manage policies 
for the BizTalk platform, said 



Roberto Medrano, executive 
vice president of SOA Software. 

Microsoft is separately dis- 
tributing WorkBench's Man- 
agement Point module, to man- 
age and collect data from within 
the .NET platform to be gov- 
erned by SOA Software s prod- 
ucts, Medrano added. 

David Pawloski, product 
director at SOA Software, 
explained that WorkBench is a 
role-based access device with 
governance capabilities at both 
design time and runtime. It 
integrates with Visual Studio 
and is a native component in 
the BizTalk palette, replacing 
the default pipelines in order 
to intercept and monitor mes- 
sages. 

"Developers build the flow 
they are used to using; it's non- 
invasive, and there are no extra 
lines of code required," said 
Pawloski. 

WorkBench also integrates 
on the back end to look for 
faults outside of BizTalk and 
correlate back for exception 
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SOA Software's WorkBench integrates with Visual Studio; SOA filters drop into flows. 

handling and management, he solution and Microsoft's BizTalk security, mediation and man- 
added. Server 2006 R2 provides cus- agement," said Steven Martin, 
"The combination of SOA tomers with an enterprise-class director of the Connected Sys- 
Software's SOA Governance solution for SOA governance, terns Division at Microsoft. I 
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Coverity SATs Not Merely Academic 

New analysis technique identifies broader constructs with fewer false positives 



BY DAVID WORTHINGTON 

In the 1970s there was Lint, a 
static source code analysis tool 
that flagged suspicious con- 



structs in C code; false positives 
were common then, but mod- 
ern tools can identify a broader 
range of constructs — with far 



fewer false positives. 

Coverity added a completely 
new type of source code analy- 
sis engine to its Prevent SQS 



software quality system, in an 
update released on Sept. 19. 
Prevent SQS uses a technique 
called SAT (from Boolean Satis- 
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fiability). Unlike many tools, 
SAT is not based on data flow 
analysis. 

Rather, it complements 
Coverity's data flow analysis 
engine. SAT is concerned with 
whether a Boolean expression 
has a solution. 

Coverity Prevent SQS maps 
code, and identifies and 
resolves defects. It automati- 
cally builds a "Software DNA" 
map to understand the code 
and break down languages 
such as C. It then translates 
the map into relevant formulas 
for defect detection, applies 
bit-accurate reasoning and 
runs an assertion-based SAT- 
solver, chief technology officer 
Ben Chelf explained. 

According to a Coverity 
white paper, a SAT-solver "takes 
in a formula of variables under 
the operations and determines 
if there is a mapping of each 
individual variable to true and 
false, such that the entire for- 
mula evaluates to true." This 
method is meant to flag defects 
and reduce false positives. 

SAT was first used commer- 
cially in the electronic design 
automation industry for semi- 
conductor chip design, Chelf 
explained. "The hardware guys 
are way ahead of software," he 
added. 

The discovered defects fit 
into the same workflows as 
those discovered by customers 
or QA teams, Chelf said. The 
classes of defects Prevent SQS 
detects are buffer overflows, 
dead code, integer overflows 
and string overflows. 

Additional SAT solvers are 
slated for the next release of 
Coverity Prevent SQS. I 
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Qlipmedia.com Turns Developers Into John Madden 



BY ALEX HANDY 

At first glance, Qlipmedia.com is 
not a Web site that screams 
"enterprise software develop- 
ment." This video creation and 
hosting site is resplendent with 
the bright-colored buttons and 
smiley faces that you'd expect to 
find on a consumer site. But 
despite the kid-friendly appear- 
ance, Qlipmedia.com, which offi- 
cially launched on Sept. 10, offers 
QA managers a new way to show 
problems to remote developers. 

Qlipmedia's software is com- 
posed of a desktop application 
and a Web-based video-hosting 
site. Users of the desktop appli- 
cation can import images or 
capture screenshots of their 
workspaces. The application can 
capture sound with the comput- 
er's microphone, while users flip 
through their images, and then 
draw on top of them, like foot- 
ball analyst-legend John Mad- 
den does with a telestrator. 

The result is a communica- 
tion tool that eliminates the need 
for coordinated Web meetings 
and painful phone calls. "We 
used it to develop it," claimed 
Swamy Viswanathan, co-founder 
and vice president of products at 

Blueprint Adds 
Repository 

BY JEFF FEINMAN 

Requirements definition tools 
provider Blueprint released 
its collaboration-focused Re- 
quirements Center 2008 in 
September. 

Blueprint Requirements 
Center 2008 comes with the 
new Definition Server reposito- 
ry, designed for version control 
and configuration manage- 
ment. It also offers direct inte- 
gration to HP Quality Center. 

A new Blueprint Change 
Management module enables 
users to consolidate projects into 
a single baseline. The tool comes 
with a new graphical editor that 
Blueprint says makes it easier to 
build complex use case models. 

Matthew Morgan, chief mar- 
keting officer for Blueprint, not- 
ed, "We focus on ensuring that 
the content in requirements 
management is complete, accu- 
rate and rich, whereas require- 
ments management focuses on 
how it's going to be implement- 
ed, who is going to do it, and 
when are they going to get it 
done by." I 



Qlipmedia.com. He said that the 
company — founded by three 
men who worked together in 
previous Silicon Valley star- 
tups — uses an Indian develop- 
ment team to create its software. 
In the process, Viswanathan 



used the image capturing and 
illustrating to send those devel- 
opers instructions and critiques 
of their work. The tool is partic- 
ularly well suited to the develop- 
ment of GUIs, as Viswanathan 
demonstrated by drawing ar- 



toward the Qlipmedia 
application's buttons and con- 
trols while dictating instructions 
to make these the same size 
throughout the interface. 

Viswanathan said that the 
Qlipmedia service is free for 



consumers to use. The compa- 
ny has an enterprise version of 
the tool available as well, and is 
offering a 30-day free trial of 
that edition, which offers a 
more buttoned-down appear- 
ance in its interface. I 
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Microsoft, Novell Open Joint Facility 



BY DAVID WORTHINGTON 

Microsoft and Novell have 
announced that their joint devel- 
opment facility in Cambridge, 
Mass., is open for business. The 
facility will be home base for 



Microsoft and Novell engineers 
working to make SUSE Linux 
Enterprise and Windows Server 
more interoperable. 

"Todays lab opening is anoth- 
er indicator of the high priority 



that Novell and Microsoft are 
giving this collaboration," said 
Novell's Suzanne Forsberg, the 
Interoperability Lab manager. 
"This kind of technical interop- 
erability work requires disci- 



plined effort and dedicated 
resources, and that's what this 
lab is built around. Enterprise 
customers are demanding exact- 
ly the kinds of interoperable 
solutions that will be the focus of 
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this lab's work and output." 

The announcements come 
ahead of a decision by the 
European Union's Court of 
First Instance on Microsoft's 
business practices. The Luxem- 
bourg-based court is expected 
to rule on whether Microsoft 
illegally used its majority share 
in desktop operating systems to 
stifle the video and media play- 
er business. The Court of First 
Instance is the second-highest 
court in the EU. I 

Actuate Launches 
Community Web 
Site for BIRT 

BY DAVID WORTHINGTON 

Just as the free library was a 
boon to intellectual enlighten- 
ment, Business Intelligence and 
Reporting Tools (BIRT) promis- 
es to do the same for business 
visibility. But the Eclipse-based 
reporting system that integrates 
with Java EE applications to pro- 
duce reports requires communi- 
ty support to forge ahead. 

Actuate, the company that 
founded and co-leads the project 
on behalf of the Eclipse Founda- 
tion, has set out to provide the 
BIRT community with an online 
resource center. BIRT Commu- 
nity Exchange, which launched 
on Sept. 24, hosts BIRT-related 
articles, blogs, demos, designs 
and code, downloads, tips and 
tricks, tutorials and a Wiki. 

Nobby Akiha, senior vice 
president of marketing at Actu- 
ate, explained that the communi- 
ty site has been established to 
attract people that are already 
using BIRT, as well as new users. 
Akiha stressed that the most 
important part of the site is the 
DevX developer forum. There, 
developers can find ways to use 
and extend BIRT, he said. 

The BIRT architecture is 
composed of the Eclipse BIRT 
Report Designer and Design 
Engine, and available runtimes 
include a Report Engine, a 
charting engine and a Web view- 
er. BIRT reports are designed 
using Java and JavaScript. BEA 
Systems, Borland Software, IBM 
and XenSource have adopted 
BIRT as a reporting system. 

Actuate began work on 
BIRT three years ago at the 
behest of the Eclipse Founda- 
tion. Actuates strategy is to sell 
value-added software on top of 
the BIRT platform, Akiha said. 
The company shipped its first 
BIRT-based product in 2005. I 
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Aladdin Secures .NET 3.0 Application Code 



BY DAVID WORTHINGTON 

Companies that have a great 
deal invested in .NET applica- 
tions and want to protect the 
intellectual property within 
may feel as if they're trying to 
lock the barn door after the 
horse has escaped, or put the 
genie back in the bottle. 

Aladdin Knowledge Systems 
in early September released 
HASP SRM 2.5, a rights man- 
agement solution that the com- 
pany says will keep software 
source code away from prying 
eyes. HASP SRM s .NET enve- 
lope now supports .NET 
Framework 3.0, and integrates 
licensing processes with 
CRM/ERP systems. 

HASP SRM can protect the 
source code of .DLL, .EXE and 
.NET Framework 2.0 and 3.0 
files through code obfuscation 
and encryption, coupled with 
additional hardware- and soft- 
ware- based security, using don- 
gles and product activation, 
respectively. Developers do not 
have to modify source code to 
incorporate calls to the protec- 
tion system. 

Laila Allan, director of 

3TERA HITS GRID 
WITH APPLOGIC 2.1 

BY ALEX HANDY 

3Tera turned on version 2.1 
of its grid operating system 
for Linux in early September, 
updating AppLogic with 
administrative enhancements, 
multicore and multiprocessor 
support, and a new Web-based 
command-line console. 

AppLogic is a low-level 
operating system designed for 
scalability across grids. Devel- 
opers can build Linux stacks 
and deploy them onto these 
grids, thanks to AppLogic's 
compatibility with the Linux 
kernel. 

Aside from the administra- 
tive Web GUI improvements, 
version 2.1 introduces new 
reference applications intend- 
ed to help ease developers into 
the process of running their 
programs on top of AppLogic 
grids. 

In addition, version 2.1 now 
supports multi-CPU and 
multicore servers, and as a 
byproduct of this ability, 
grid nodes can now recognize 
more than 2GB of RAM, 
according to the company. I 



product management for 
Aladdin DRM business unit, 
said that HASP SRM is a busi- 
ness tool independent of the 
engineering process. It can be 
used to track license and pur- 



chasing updates and set license 
types, and now integrates with 
CRM systems to increase busi- 
ness visibility, she said. 

Aladdin's Business Studio 
Server API, a role-based tool 



for managing software license 
life cycles, opens up the possi- 
bilities for integration. For 
example, sales and marketing 
teams can use it to learn which 
modules are used more often, 



or what customer purchasing 
preferences may be. 

Aladdin also updated the 
Admin Control Center moni- 
toring and management tool, 
adding the ability to extract and 
view operating information for 
troubleshooting purposes; it 
can also generate diagnostic 
reports in HTML and XML. I 
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SmartDraw 2008 has automatic flowcharting to help users create business graphics. 

From Scrawling to Drawing 

SmartDraw.com adds no-spreadsheet charting 



BY JEFF FEINMAN 

Business graphics software creator 
SmartDraw.com announced in Septem- 
ber the release of SmartDraw 2008, 
which automates the creation of busi- 
ness graphics, such as flowcharts, mind 
maps and organizational charts. 

The latest version of the software 
program contains a number of new fea- 
tures, including automatic flowcharting 
and specialized templates that offer 
users a mold from which they can build 
business graphics. 

A feature called Express Charts 
allows the creation of charts and graphs 
without the need for a supporting 
spreadsheet. There are also new picture 
charts that use images to display data, a 



Live Map feature that captures live data 
from the Internet, and an integrated 
photo capability so that photos can be 
incorporated into business graphics. 

"We made selecting the right template 
even easier by creating a comprehensive 
encyclopedia of business graphics," said 
Paul Stannard, CEO of SmartDraw.com. 
"It lists every type of business graphic 
with a definition, an explanation of how it 
is used, and a SmartTemplate that can be 
used to create one." 

Stannard said that SmartDraw 2008 
is a good tool for users who aren't graph- 
ic experts and need help when laying out 
and designing graphics. With its auto- 
matic features, SmartDraw is able to 
take care of those functions, he said. I 



Quad-Core Opterons Launched 

New chips soup up VMware, Xen virilization 

As of the release on Sept. 10, Novell 
SUSE Linux Enterprise (using service 
pack one) running Xen virtualization sup- 
ports Rapid Virtualization Indexing, 
which is also known as nested paging. 
AMD this past spring released prelimi- 
nary benchmarks that indicated around 
20 percent performance increases when 
running SUSE Linux Enterprise 10 virtu- 
alized in Xen and utilizing nested paging. 

Diane Greene, co-founder and presi- 
dent of VMware, said that her company 
is readying software that takes advantage 
of AMD's virtualization technologies. 
"[Nested paging] allows things to run 
with less memory. We've seen this in our 
labs. We're also looking forward to the 
next generation of things we're doing, 
around live migration to different 
processor models and also around I/O 
virtualization," said Greene, speaking at 
AMD's Opteron launch event. 

AMD plans a 2.5GHz model of the 
new processors for December. I 



BY ALEX HANDY 

AMD has unveiled its long-awaited 
quad-core Opteron processors, formerly 
code-named Barcelona. While these 
new processors offer the benefits of a 
65-nanometer fabrication process, it's 
the virtualization enhancements that 
may prove most exciting to developers. 
The newest of these enhancements is 
the addition of Rapid Virtualization 
Indexing, a facility to translate virtual- 
ized memory addresses into their real 
memory counterparts more quickly. 

This new feature is part of the ever- 
expanding AMD-V — for virtualization — 
capabilities. In previous processors, 
built-in virtualization assistance was 
manifested in the form of live migration 
support for virtual machines running on 
older processors. Additional hooks were 
added to allow virtual machines to 
directly communicate with RAM and I/O 
controllers through a feature AMD has 
dubbed Direct Connect Architecture. 
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Get Your Mule on Demand 

MuleSource is testing an integration Web service 



BY DAVID WORTHINGTON 

If Web services were so easy to imple- 
ment, everyone would have done so. 
But for many organizations, it is simply 
easier to rely on time-tested manual 
processes such as FTP file uploads, 
than to navigate corporate firewalls and 
policies. 

On Sept. 17, MuleSource released a 
beta of MuleonDemand, a hosted sub- 
scription Web service that permits busi- 
nesses to integrate services with third- 
party and SaaS applications, using the 
Mule open source integration frame- 
work. The Mule framework is message- 
based and can be used as an enterprise 
service bus. 

The MuleonDemand beta permits 
companies to upload a CSV file or text to 
a listening agent, which parses contact 
information into XML and inserts it into 
Salesforce.com. The service supports a 
broad range of messaging protocols, 
including e-mail, Java Message Service, 
MQ Series, Representational State Trans- 
fer, SOAP and Web services. 

MuleonDemand users map fields 
using the service's browser-based front 
end. A map is created once and stored; 
every time a CSV file is sent, the fields 



are matched. Data passes through Mule- 
Source's servers and is logged to create 
an audit trail, but not stored. 

As the MuleonDemand service 
evolves, schemas will be provided for 
popular Web services, including Siebel 
CRM OnDemand and SugarCRM. 

MuleSource chief executive officer 
Dave Rosenberg explained that the pri- 
mary use cases were people that run the 
Mule gateway server that talk to the 
cloud, versus integration in the cloud 
itself. 

An internal beta under development is 
geared toward e-commerce and will pro- 
vide third-party mediation between part- 
ners, Rosenberg noted. 

MuleSource is evangelizing Mule 
with MuleForge, a collaborative devel- 
opment Web site for Mule extensions 
and applications built by the Mule com- 
munity and MuleSource partners. The 
site launched Sept. 4, and hosts more 
than 40 projects at this time. 

MuleForge features source control 
through Subversion, continuous builds 
through Bamboo, issue tracking through 
JIRA, a Web-based Java EE application 
for bug and issue tracking, and a docu- 
mentation wiki. I 
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A console helps track which users are mapping files, and if it's done successfully. 



PROJECTKOACH 
OPENS UP TO 
ANOTHER PROCESS 

BY DAVID RUBINSTEIN 

Good Software has announced that Pro- 
jectKoach 2007.2, its free project man- 
agement software, now supports the 
OpenUP process created from the 
Eclipse Process Framework efforts. 

OpenUP is gaining momentum, 
according to Good Software founder 
Bjorn Gustafsson, as people look for 
something lighter than the Rational Uni- 
fied Process from which OpenUP was 
spawned, and as organizations that cur- 
rently have no processes in place look to 
gain a little discipline. "It's relatively 



small and easy to grasp to get a small 
team going," he said. The combination 
of OpenUP and ProjectKoach, he 
added, aligns with agile development 
processes in place in organizations today. 

ProjectKoach will support OpenUP 
in its Smart Process capability by 
bundling a configuration that includes 
descriptions of how to perform OpenUP 
tasks in ProjectKoach, Gustafsson said. 
There also are two templates for 
OpenUP projects to help teams get 
started. "Process is an integral part of 
our daily project activities, be it an 
explicit process or just tacit knowledge," 
Gustafsson said in a statement accompa- 
nying the product release. 

Gustafsson hinted at a commercial 
release sometime next year for tools sup- 
porting OpenUP, noting that most 
Eclipse tools are aligned with IBM's 
Rational Unified Process. I 
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BizTalk 2006 R2 Ready to Walk the Walk 



BY DAVID WORTHINGTON 

For months, Microsoft talked up 
BizTalk Server 2006 R2. It 
became generally available on 
Sept. 11, with improvements 
made to its communication, inte- 



gration and RFID capabilities. 

Biz Talk 2006 R2 ships with 
.NET Framework 3.0, which 
provides Web services integra- 
tion using features found in Win- 
dows Communication Foun- 



dation (WCF), a component 
introduced earlier this year as 
part of Windows Vista. The 
framework includes support for 
the WS-* specifications, making 
it interoperable with other Web 



applications and services. 

Microsoft also released what 
it calls an ESB Guidance Toolkit, 
furthering its Web services 
thrust. The toolkit provides 
architectural guidance, patterns, 
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practices and a set of BizTalk 
Server and .NET components 
that ISVs can use to develop an 
enterprise service bus (ESB) 
using Microsoft technology. The 
toolkit is available free of cost at 
Microsoft's CodePlex Web site. 

What's more, Microsoft Biz- 
Talk Labs is tooling away on a 
hosted version of its ESB plat- 
form that it refers to as an IS B, 
or Internet Service Bus, to 
complement its on-premise 
software. The ISB offers cus- 
tomers WCF-based connectivi- 
ty services, identity services and 
a software development kit. 

R2 is also central — quite lit- 
erally — to Microsoft's nascent 
RFID strategy, positioned by 
the company at the heart of an 
integrated stack of RFID data, 
back-end systems and line-of- 
business applications. To fur- 
ther its adoption, Microsoft will 
offer industry-specific supply- 
chain solutions. 

MAKING CONNECTIONS 

Steven Martin, director of the 
Connected Systems Division at 
Microsoft, explained that his 
group is working to create a 
standard interface for .NET 
developers to connect with 
back-end applications, dubbed 
the BizTalk Adapter Pack. 

That pack has data providers 
for ADO.NET, Oracle and 
Siebel applications, and can be 
extended to connect to Web ser- 
vices that are standards compati- 
ble with the WCF. Microsoft has 
published interoperability sam- 
ple code onto CodePlex that 
demonstrates how to intemper- 
ate with Java EE applications. 

The pack is not slated for 
delivery until the first half of 
2008, but is available today as a 
preview through Microsoft's 
Technology Adoption Program. 

The release includes a new 
addition to the BizTalk family, 
the Branch Edition. It permits 
a hub-and-spoke approach to 
deployments, which takes into 
consideration events that affect 
business processes that do not 
occur at the home office. The 
Branch Edition uses a local 
BizTalk repository that relies on 
a central installation of BizTalk 
Enterprise Edition, and lacks 
the Enterprise Edition's devel- 
opment tools. 

As an incentive, BizTalk cus- 
tomers will also have the option 
to purchase a discounted SO A 
and Business Process Pack that 
includes Office SharePoint 
Server 2007, Visual Studio 
Team System and Microsoft 
SQL Server 2005. I 
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PHP Development Tools Project Hits 1.0 



BY ALEX HANDY 

The Eclipse Foundation released 
the final version of the PHP 
Development Tools (PDT) pro- 
ject on Sept. 18. Officially 
released as version 1.0, this set of 
Eclipse tools is designed to be 
accessible to newcomers, yet 
powerful enough to help with 
debugging and organizing PHP 
applications. IBM and Zend 
Technologies created the soft- 
ware under the Eclipse umbrella. 
Ian Skerrett, director of mar- 
keting for the Eclipse Founda- 
tion, said that the final release of 
PDT would only help to expand 
the reach of Eclipse as a whole. 
"This is the first project really 
targeted at PHP developers. 
This is great news for us, and it's 
a great way to expand the 
Eclipse community into the 
PHP community. There are 4.5 

Rally Provides 
Agility to 
Salesforce 

BY DAVID RUBINSTEIN 

Extending agility beyond devel- 
opment teams, Rally Software 
in mid-September announced a 
suite of products designed to 
provide collaboration for the 
AppExchange environment 
hosted at Salesforce.com. 

AppExchange is where indi- 
viduals or organizations can 
develop, assemble and have 
hosted their applications, and 
now Rally is making available 
agile tools for that development, 
according to Ryan Martens, 
Rally's founder and CTO. 

Making up the new suite are 
Rally Support Connector, Rally 
Community Manager and Rally 
Product Manager, which is 
expected to be updated in Octo- 
ber. The goal, Martens said, is to 
provide visibility into the devel- 
opment phase of problem reso- 
lution, as well as to assist in pri- 
oritization of tasks. 

Support Connector is de- 
signed to enable application 
support staff to communicate 
feature requests and defect 
alerts within the Salesforce 
platform. Community Manager 
is a collection of Web 2.0 ser- 
vices such as portals put togeth- 
er for customer support and 
developer collaboration. Prod- 
uct Manager assists managers 
in planning for product and ser- 
vice releases based on feedback 
given into Salesforce. I 



million PHP developers out 
there," said Skerrett. 

Yossi Leon, PDT project lead 
and a product manager at Zend, 
said the PDT brings the stan- 
dard IDE capabilities to PHP, 
including syntax highlighting, 



inspection capabilities and 
debugging helpers. These capa- 
bilities allow developers "to 
inspect different PHP content 
and provides the information in 
a dedicated view called the pro- 
ject outline," said Leon. "You 



can see all the functions and all 
the classes you have in the dif- 
ferent PHP files. We also creat- 
ed a PHP explorer view. [In it] 
you can manage the different 
PHP projects you have." 

The PDT project is based on 



the existing Eclipse Web Tools 
Project. Thus, developers work- 
ing with PHP can edit their code 
in files that also contain HTML. 
Leon stated that future 
additions to the PDT project 
could include further integra- 
tions with the task-focused 
Mylyn UI, as well as the Data 
Tools Project. I 
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ISO Says 'No' to Office Open XML 



< continued from page 1 

for fast-track approval. Part of 
the time since then was spent 
clearing Open XML through a 
contradiction phase, when pos- 
sible conflicts with other stan- 
dards could be submitted. 

Five months of intense 
debate and lobbying came to a 
close when two requirements 
were not met: OOXML failed to 
muster a three-quarters super- 
majority of ISO voting members, 
and more critically, could not 
gain the support of two-thirds of 
"P-members," participants in the 
technical committee. 

Among participating mem- 
bers, the defeat for Microsoft 
was pronounced; only 17 of 32 
ballots were cast in favor of the 
OOXML proposal, well short of 
the 25 yeas needed. That was 
enough to put OOXML on ice, 
even though the general mem- 
bership balloting was close: Out 
of the 87 ISO members that 
responded to the ballot, 51 voted 
in favor of the proposal, while 18 
voted against it and 18 abstained. 
Of those members that voted 
yes, 17 did so with comments. 

Tom Robertson, general 
manager for interoperability 
and standards at Microsoft, 
looked at the bright side of the 
ballot results. "We are extreme- 
ly delighted to see that 51 ISO 
members, representing 74 per- 



cent of the qualified votes, have 
already voiced their support for 
ISO ratification of Open XML, 
and that many others have indi- 
cated they will support ratifica- 
tion once their comments are 
resolved in the next phase of 
the ISO process," he said in a 
prepared statement. 

The next step is for Ecma 
Technical Committee 45 
(TC45), the group steering 
Open XML, to address com- 
ments made by ISO members 
during the review of the specifi- 
cation. The proposal must now 
be revised before ISO reconsid- 
ers its approval as a standard. 

The ISO/IEC JTC 1 subcom- 
mittee for document description 
and processing languages (SC 
34), will convene on Feb. 26, 
2008, to discuss the comments 
during a ballot resolution meet- 
ing. ISO members that voted 
against Open XMLs approval 
will be able to withdraw their 
negative votes at that time. The 
objective of the February meet- 
ing is to reach consensus on what 
modifications should be made. 

Frances Association Fran- 
gaise de Normalisation, an 
organization that represents 
French interests among stan- 
dardization authorities, pro- 
posed splitting the OOXML 
standard proposal into compo- 
nents dubbed OOXML-Core 




A rogue employee did not affect 
the outcome of the vote, says 
Microsoft's Matusow. 

and OOXML-Extensions, and 
thereby isolate proprietary 
nuances that cover backward 
compatibility with legacy Mi- 
crosoft Office documents. 

The core proposal could be 
compatible with Open Docu- 
ment Format (ODF), a com- 
peting group of document 
specifications that has been 
recommended by both ISO 
(ISO/IEC 26300) and the Orga- 
nization for the Advancement 
of Structured Information 
Standards (OASIS). 

Microsoft's Robertson agreed 
that technical input would 
enhance the standard and 
believes that a second vote, 
scheduled for Feb. 25-29, at the 
close of the ballot resolution 



period, will result in Open 
XMLs approval. 

Gartner research vice presi- 
dent Mark Driver said that 
ISO's rejection of OOXML 
gives ODF more momentum, 
and could lead customers to 
view ODF as more of an incum- 
bent. But Driver did not dis- 
count OOXML, noting that 
vendors drive standards. 

"In a perfect world, all the 
[standards] would come in from 
vendor-independent consortia 
and groups. In reality, this has 
not worked; vendors can move 
ahead of standards and do not 
get bogged down in the bureau- 
cracy of working groups. Ven- 
dors can come back and have 
something standardized, or 
promote it in a more generic 
fashion," Driver remarked. 

Driver added that a capacity 
for abuse exists and standards 
bodies must have a watchdog. 
"I am personally aware of ven- 
dors entering into standards 
bodies just to hijack the 
process, or to slow it down [so 
they can] catch up," he claimed. 

STUFFING THE BALLOT BOX? 

Technical nuances aside, irreg- 
ularities prompted SIS, the 
Swedish Standards Institute, to 
invalidate its vote and cast an 
abstention. Microsoft was 
accused of attempting to influ- 



BEA's Future Based in Registry Repository 



< continued from page 1 

Flashline, which the com- 
pany acquired just over a 
year ago. 

Bill Roth, vice president 
of BEA's tools group, used 
an analogy from digital 
photography to explain why 
the registry and repository 
are the two most important BEA is banking on a single collaborative 
building blocks for devel- workspace, built around the Web and Eclipse, 

to connect all the appropriate pieces of an IT 
business infrastructure. 




Source: BEA 



opers looking at BEA's soft- 
ware. "Today, when the 
chief architect at a large 
Midwestern retailer builds out 
her enterprise architecture, the 
way she communicates that to 
her developers is she prints it out 
and walks it over to them. If they 
look at it, they don't always take 
and implement it with the high- 
est fidelity. If you have them 
working off of the same data in 
the same tool, the process will be 
much less lossy," said Roth. 

He added that the repository 
and registry help ease pain 



points around "the duplication 
of assets, the inappropriate use 
of assets, and forking or inap- 
propriate versioning. One of the 
biggest problems that you have 
in a service network is the pro- 
liferation of rogue services. Cus- 
tomers have told me they have 
hundreds and hundreds of ser- 
vices, and that's when they need 
the registry." 

Thanks to a new agreement 
with Adobe, BEA developers 



may soon be storing Flex 
applications in those repos- 
itories. Under the agree- 
ment, BEA will include 
Adobe Flex Builder 2 with 
new copies of BEA Work- 
shop Studio. Adobe, on the 
other hand, will distribute 
evaluation licenses for 
BEA's Web Logic Server 
with newly purchased 
copies of Adobe LiveCycle 
Enterprise Suite. The 
agreement means that 
developers building RIAs that 
work with Web Logic and Aqua- 
Logic deployments will be able 
to easily use Flex as the basis 
for such applications. 

But new software wasn't the 
only news from BEA at the show. 
The company revised the pricing 
models for its Web server Java 
container. Whereas before, pric- 
ing was based on the number of 
physical CPUs in a server run- 
ning BEA software, the company 



will now charge based on the 
number of software instances in 
use. This change is expected to 
mean higher prices for cus- 
tomers making extensive use of 
virtualized servers, but lower 
prices for customers running a 
single instance of BEA software 
on dedicated hardware. 

A DIFFERENT WORLD 

BEA's conference at the 
Moscone West convention cen- 
ter was held in the shadow of 
VMware's VMworld, which was 
taking place in the North and 
South halls. BEA took the 
opportunity to show off its 
visualization wares, where 
it demonstrated virtualized 
servers based on BEA software 
that included only the barest of 
essential operating system com- 
ponents. These miniature VMs 
can be provisioned and spun off 
into virtual hosts, thus saving 
memory and resources. I 



ence the vote, by enticing its 
partners to join SIS in exchange 
for kickbacks. Suspicions were 
raised when 23 new members 
joined SIS the day before its 
vote to recommend OOXML. 

Microsoft's corporate stan- 
dards director Jason Matusow 
addressed the situation in his 
blog on Aug. 31. Matusow 
explained that a single Micro- 
soft employee in Sweden 
crossed a line by sending e- 
mails to partners requesting 
that they join SIS and noting 
that Microsoft would act to off- 
set the membership cost. 

According to Matusow, the 
unnamed employee acted in a 
manner that was inconsistent 
with company policy, and 
immediately contacted the part- 
ners via e-mail and telephone 
after he realized what he had 
done. Matusow insisted that the 
process and the vote at SIS were 
not affected. 

"If Open XML is to be 
approved for standardization at 
JTC1, it needs to do so by the 
book," he wrote. "We may all 
disagree about the book. . .but it 
is critical that these activities 
remain within the realm of eth- 
ical behavior as well as behavior 
defined by the rules for the 
JTC1 process." 

In his version of the Swedish 
affair, Matusow noted that both 
IBM and Microsoft contacted 
SIS members and urged them 
to join the voting process, in 
accordance with the rules. 

"In Sweden and elsewhere we 
have had discussions about Open 
XML with both National Body 
members and other partners 
directly. Some of these organiza- 
tions have shared with us that 
IBM has approached them on 
this topic as well. This is not sur- 
prising as most of these organiza- 
tions maintain relationships with 
both IBM and Microsoft," Matu- 
sow wrote in an e-mail. 

Spokesperson Ari Fishkind 
said that IBM did not believe 
that responding to Matusow 
added any value to the discus- 
sion of a single international 
document format. 

Gartner's Driver was not 
surprised by the outcome and 
said that whenever a group like 
ISO has a legitimate complaint, 
it has to err on the side of open 
disclosure. "If they had not 
pushed back, they would have 
created a precedent where they 
would have lost trust." I 
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MontaVista Putting Penguins in Pockets 



BY P.J. CONNOLLY 

The mobile Linux bandwagon is getting 
crowded. MontaVista Software was to 
announce on Sept. 26 the second engi- 
neering drop of Mobilinux 5.0, the com- 
pany's embedded operating system tar- 
geted at the mobile device market. This 
latest version of the platform includes 
new power management features, 
increased driver support, and support for 
Bluetooth, USB and WiFi connectivity. 

MontaVista claims that the new 
release can boot in under five seconds, 
and likewise resumes from sleep and 
shuts down quickly. The Mobilinux 
update also incorporates the Linux 
2.6.21 kernel, and integrates real-time 
patches, including high-resolution 
timers, threaded hardware and software 
IRQ, as well as preemptive real-time 
behavior. Mobilinux provides all of this 
in a package with a footprint that the 
company measures at just under 3MB. 

MontaVista isn't shy about pointing 
out its contributions to the Linux ker- 
nel, either: According to the company, 
more than 90 percent of Linux mobile 
phones run its stack. In the 2.6.21 ker- 
nel, MontaVista claims responsibility 
for 291 changes, adding to its work in 
real-time behavior and extending plat- 
form support. 




Monitoring and logging tools in Mobilinux 5.0 allow real-time views of a system, as well as 
offering playback of previous test runs. 



Even though that accounts for only 
one-half of 1 percent of the changes, that 
ranks between the contributions of 
Hewlett-Packard and Oracle on one 
hand, and those of storage providers such 
as Veritas and Q Logic on the other, 
according to a list of contributors pub- 
lished at the Linux Symposium in June in 



Ottawa. Wind River didn't even make the 
list, being somewhat new to this space. 

MORE THAN A BEEPING 

Remember when mobile devices had 
plain LCD screens and made a handful of 
beeps, and that was it for entertainment? 
Well, those days are long past, and Mobil- 



El inux 5.0 is attempting to meet the 



demands of end users for a better multi- 
media experience by including the 
Gstreamer framework and adding the 
ALSA (Advanced Linux Sound Architec- 
ture) drive technology. The company is 
also including a GIMP toolkit for use with 
the DirectFB (Direct Frame Buffer) 
environment. 

MontaVista designed Mobilinux Edi- 
tion 5.0 to work with a variety of system 
designs, from single processors through 
multicore devices with dedicated 
cores — as seen in IBM's Cell proces- 
sor — and at the high-end, symmetric 
multiprocessing deployments. Monta- 
Vista is using the Texas Instruments 
2430 as a reference platform for Mobil- 
inux 5.0; plans exist to make it available 
for the TI 3430, as well as hardware 
from Freescale and Marvell. 

While working steadily to meet the 
Nov. 15 ship date for Mobilinux 5.0, Mon- 
taVista is discussing — albeit briefly — its 
plans for Mobilinux 6.0, which is slated for 
late 2008. It will focus on security features 
and interoperability, incorporating the 
requirements drawn up by MontaVista 
and its partners in the LiMo Foundation, 
which was set up at the beginning of this 
year to promote the development of Lin- 
ux for mobile devices I. 



QNX Opens Source for Neutrino, Other Tools 



BY P.J. CONNOLLY 

Transparency in business and govern- 
ment is all the rage, and even businesses 
are beginning to see the value of opening 
up their development processes. QNX 
Software Systems has seen the light and 
in mid-September announced that it was 
opening access to the Neutrino real-time 
operating system and other components. 
Developers can do more than look at 
the source code, according to the 



Ottawa-based-company. Should they 
decide to extend, improve or modify the 
source, they have the option of con- 
tributing their changes back to QNX and 
the community, or keeping their 
changes private. This is part of a new 
hybrid development model that QNX is 
using, one that mirrors the participatory 
nature of the open source community. 

Dan Dodge, CEO of QNX, noted 
that "both commercial and hobbyist 



developers will have unprecedented 
access to the 'crown jewels' of our soft- 
ware." 

The first wave of source releases in 
QNX's new scheme includes the Neutri- 
no microkernel, the base C library, and a 
range of board support packages for 
common hardware platforms. Eventual- 
ly, the company expects to release most 
of its code under the hybrid model. 

QNX also launched its Foundry27 



community portal, aimed at supporting 
the Neutrino RTOS and the company's 
Momentics IDE, as well as new commu- 
nity projects. Portal users have access to 
most QNX products with source code. 

Noncommercial and academic devel- 
opers are likely to appreciate the new 
order, as they will be allowed to use 
QNX's tools for free. But the company 
isn't giving away all of the farm: Com- 
mercial use of Neutrino will continue to 
incur royalty charges, and commercial 
developers are still obligated to pay for 
Momentics seat licenses. I 



FINGERPRINTS 
REACH NEW LEVEL 
WITH NEW SDK 

BY P.J. CONNOLLY 

In the world of biometrics, fingerprint- 
based authentication is James Bond, but 
fingerprint-based identification is 
straight-on Buck Rogers, in terms of the 
task's complexity, as well as the suitabili- 
ty of existing tools for the task. At least, 
that's been the case until recently, but 
Digital Persona's new One Touch I.D. 
SDK attempts to bridge the gap 
between science fiction and reality. 

The SDK, launched in July, extends 
the functionality of the company's Gold, 
Gold CE and Platinum SDKs by 
enabling fingerprints to be used as an 
identifier, and permitting high-speed 



searches against a collection of enrolled 
fingerprints. The company claims that in 
a data set of 1,000 identities, a finger- 
print will return a user ID in less than 
two-tenths of a second. 

The One Touch I.D. SDK allows the 
use of two-finger identification, which 
results in higher levels of accuracy and 
security. It also allows the simultaneous 
use of multiple databases, which is 
intended to provide a scalable data envi- 
ronment with speedy response. 

Maintenance can be a chore with fin- 
gerprint recognition, and Digital Per- 
sona attempts to address some of the 
burning issues with the new SDK. For 
example, it supports the use of so-called 
expiration templates that limit the valid- 
ity of an enrolled fingerprint to one or 
three years. It also provides database 
clean-up features that the company 
claims eliminate fraudulent users and 
redundant records. I 



WELCOME 

TO THE MACHINE 

National Instruments and the Lego 
Group announced the release of the 
latest software update for the Lego 
Mindstorms NXT robotics platform, 
which overhauls memory usage on 
the NXT Intelligent Brick, and 
adds support for Windows Vista 
and Intel-based computers 
running Mac OS X. 




The update 

remains compatible with 
the Nl LabView Toolkit 
for the platform. 
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H4 tool just for Java developers, 

I ' J Eclipse has quickly embraced 

-U-A newer languages such as PHP, 

Python and Ruby — as well as older ones 

like Ada, COBOL and C. 

But when it comes to enabling native 
Linux development, Eclipse isn't moving 
as fast. It's not uncommon for applica- 
tions originating from Eclipse to target 
Linux servers, but few are developed 
under the open source operating system 
itself, said Forrester analyst Jeffrey 
Hammond. In fact, only 9.6 percent of 
Eclipse download requests are for the 
Linux platform, compared with 86.7 per- 
cent for Windows, according to recent 
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Given 
among the 
efforts, it's ironic that to date there is so 
little synergy between them. SD Times 
asked a handful of Eclipse and Linux 
experts why this is so, and also got them 
to weigh in on where future Eclipse/Lin- 
ux growth is likely to come from. 

One reason for the relative lack of 
Eclipse tools for Linux is that traditional 
Linux developers don't want them, the 
experts said. These developers have long 
worked with command-line offerings, 
and they aren't inclined to make the leap 
to an IDE, the experts said. As new, 
younger Linux developers — brought up 
on IDEs — emerge from colleges and 
universities, they are expected to 
embrace Eclipse. But in order to attract 
and retain these younger developers, 
Eclipse must be fine-tuned to work bet- 
ter with each of the different Linux dis- 
tributions, the experts said. 

Eclipse is expected to boost Linux 
development overall, but growth won't 
come from native linux development per 
se. Instead, it will likely result from the use 
of Eclipse as a cross-platform develop- 
ment environment, where an application 
can be written without hard-coding it to 
any one operating system, the experts said. 

"That's good for Linux," said IBM 
open source and Linux marketing strate- 
gy manager Adam Jollans. "Cross-plat- 
form makes it easy and cost-effective for 
ISVs and other developers to target Lin- 
ux and Mac OS in addition to Windows." 



WHAT'S HINDERING 

THE ADOPTION OF ECLIPSE ON LINUX? 



Eclipse runs on Linux, but getting it to integrate well— essentially to take on the 
Linux way of working— remains a challenge. The Eclipse on Linux project, made up 
of participants from the key Linux distributions, including Debian, Fedora, Gentoo, 
Novell, OpenSUSE, Red Hat and Ubuntu, was launched in December 2006 to take on 
that task. Key issues the group plans to address include: 

• Simplifying the creation of Eclipse packages for Linux platforms, and standardiz- 
ing the process for doing so across multiple distributions of Linux. In other words, 
use Linux package management methods to distribute Eclipse. 

• Enabling the Eclipse Update Mechanism to work with the Linux multi-user system 
model. Geared to Eclipse, the update mechanism assumes it's working with a sin- 
gle-user system. 

• Providing better integration options with Linux systems and methodologies, such 
as Linux system libraries, GNU Autotools and RPM, as well as better support for 
scripting languages like Perl and Python. 

• Working with the open source community to promote the adoption of Eclipse on 

Linux. 

Sources: www.eclipse.org/proposals/linux-distro, wiki.eclipse.org/index.php/Linux_Distributions_Project 



Hammond agreed that the use of Eclipse 
for cross-platform development is where 
future Linux growth lies. "The important 
thing is that Eclipse become a good envi- 
ronment for targeting Linux." 

THE NEW LINUX DEVELOPER 

Long interesting to the very technically 
proficient, Linux must begin appealing 
to a broader pool of Linux developers, 
said Eclipse Foundation director Mike 
Milinkovich. "To be completely honest, 
hard-core developers [building Linux 
applications] aren't going to use Eclipse." 
They have relied on command-line tools 
such as the text editors Emacs and vi for 
years and years, and those tools are 



ingrained in their culture, he said. "But 
having modern tools like Eclipse is an 
important enabler for the future growth 
of Linux." 

Hammond agreed that vi and Emacs 
diehards don't use IDEs, but added, 
"Even the most talented among us age. 
The number of developers skilled in 
command-line tools will decline, and as 
new committers come on board, there 
will be a changing of the guard." 

Addressing the needs of that new 
guard is what Novell senior software 
engineer Matt Ryan had in mind when 
he wrote the proposal for Eclipse on 
Linux, a project adopted by the Eclipse 
continued on page 42 ► 
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Can Linux Get a Lift From Eclipse? 



? 



< continued from page 41 

Foundation in December 2006. "Eclipse 
hasn't enjoyed the type of success on the 
Linux platform that one might expect," 
Ryan noted in the proposal. "The open 
source heritage of both Eclipse and Lin- 
ux would lead one to assume that 
Eclipse would be highly successful on 
Linux, but [that hasn't happened]." 

Eclipse on Linux (also known as the 
Linux Distros project) aims to change 
that by promoting the adoption of 
Eclipse as an application development 
environment for Linux. Eclipse is 
included in all of the available Linux dis- 
tributions today, noted Milinkovich. 

That's a step in right in the right 
direction, but isn't enough to get most 
next-generation Linux developers to 
start using Eclipse, Ryan told SD Times. 
These younger developers have a differ- 
ent mindset than their predecessors, he 
said. "They see Linux as a strategic plat- 
form for conducting business." And in 
order to use it effectively within Eclipse, 
they need some help, he added. "They 
want a version of Eclipse that's pack- 
aged, tested and [sealed with] a stamp of 
approval for the Linux distribution they 
are using." 

The problem isn't that Eclipse 
doesn't run on Linux — it actually runs 
well, said Ryan. The issues that arise 
have to do with how Eclipse is installed 
on the developer's system, and how it is 
managed once it is installed. 



"Eclipse was built with the assump- 
tion you are using a single-user system 
[such as Windows]," explained Red Hat 
senior software engineer Andrew Over- 
holt, a key contributor to the Linux Dis- 
tros project. Among the issues the pro- 
ject is addressing is a standard way of 
building applications from source code, 
and adapting the Eclipse update mecha- 
nism so that it works with the Linux 
multi-user system model, he said. 

A key goal of the project is to fine- 
tune Eclipse for each Linux distribution, 
said Overholt, but he did not specify a 
time frame for completion. Forrester's 
Hammond noted that, to date, Eclipse is 
packaged as part of only one Linux dis- 
tribution: Red Hat-sponsored Fedora. 
Asked whether he expects use of Eclipse 
as a Linux development environment to 
grow, Hammond replied, "Yes — 
progress is steady but slow." 

TAKE NOTES, ISVS 

Real progress won't come from native 
Linux development in Eclipse. A more 
likely source of growth is the use of 
Eclipse as an underlying framework for 
applications software, not just develop- 
ment tools, such as those used for 
embedded projects. "Eclipse is emerg- 
ing as a basis for applications," said 
Milinkovich. 

A case in point is the most recent ver- 
sion of Lotus Notes, IBM's collaboration 
and messaging offering. "Notes 7.0 was 




Younger developers want a version of Eclipse 
that's stamped for approval for the Linux 
distribution they're using, says Novell's Ryan. 

hard-coded for Windows," said IBM's 
Jollans; a Mac OS X client was also avail- 
able. But for the 8.0 release, IBM 
rebuilt Notes, taking advantage of 
Eclipse as the underlying framework, he 
said. This allowed IBM to unify develop- 
er efforts and deliver a consistent user 
experience. 

"Notes 8 looks like Windows for the 
Windows version, and it looks like Linux 
for the Linux version," Jollans noted, 
although the Linux version, like the ear- 
lier Mac OS clients, lacks the specialized 
features of the administrator and devel- 
oper roles. A Notes 8 client for Mac OS 
X is planned as well, he said. 



Jollans said IBM singled out Notes for 
a cross-platform development effort 
because the company wanted to prove 
that approach can work "even for an 
application as complex as Notes," he said. 
"Notes is nontrivial. If it can work for 
Notes, it can work for other offerings." 

IBM believes that Eclipse-based 
development will convince ISVs to tar- 
get more than one operating system, Jol- 
lans said. "Most ISVs aren't going to 
develop a client application for Linux, 
when Windows has 80 to 90 percent of 
the market." But the cross-platform 
approach lets them increase the size of 
the markets they serve, while also reduc- 
ing the costs of developing for each mar- 
ket, he said. 

Jollans acknowledged that some fine- 
tuning is required to produce versions for 
three different operating systems. "But 
it's impressive to get the same environ- 
ment on all three: Linux, Mac and Win- 
dows," said Linux Foundation chief oper- 
ating officer Dan Kohn. "It works exactly 
the same on three different platforms." 

Asked how important Eclipse is to 
the future of Linux, he said: "I focus on 
the cross-platform aspect of it. Eclipse is 
a greater indicator of where apps are 
headed." Eclipse and Linux have a lot in 
common, he said. "They are both open 
source. If there is something you want 
[to develop], you don't start over from 
scratch. You just write the new feature 
on top of what's already there." I 



Linux and Eclipse: A Good Match for Embedded Developers 



BY JENNIFER DEJONG 

In the enterprise development arena, 
Eclipse and Linux have barely gotten 
together. But when it comes to writing 
embedded applications, the two walk 
hand in hand. "In our world, Linux is 
huge, and all the providers have Eclipse- 
based tools," said LynuxWorks vice pres- 
ident of marketing Robert Day. 

Eclipse-based IDEs have caught on 
among embedded Linux developers 
because the process of writing applica- 
tions to run on small devices, such as 
cell phones, is by its very nature more 
specialized and complex than creating 
enterprise applications, he said. "It's a 
two-phased thing. First, you have to get 
Linux running on the hardware. Then, 
you have to write the actual applica- 
tion." In that environment, it's more 
difficult to rely solely on command-line 
tools, such as the GNU offerings tradi- 
tionally favored by embedded Linux 
developers, Day added. 

Wind River Systems senior engi- 
neering manager Doug Gaff agreed. 
"Eclipse has lowered the barrier to 
entry for application development in 
Linux," he said. "When you work in a 



Linux development environment, you 
have to get up to speed on so many 
things." And Eclipse just makes it easi- 
er to get started, he said. 

Competition among cell phone 
makers and service providers has also 
given Eclipse a boost, said Day. "The 
market pressure is huge." The number 
of cell phones produced is phenome- 
nal, and getting new offerings out 
quickly is essential to staying in busi- 



ness. Given that scenario, relying on 
cell phone providers' software develop- 
ment kit is too time-consuming, even 
for highly skilled embedded develop- 
ers, said Motorola architect for devel- 
oper tools Christian Kurzke. "With 
SDKs, there is a barrier to entry. 
Developers have to integrate them 
with their own IDEs." 

Even though embedded Linux devel- 
opers have embraced Eclipse, command- 



line tools are not a thing of the past, said 
Wind River product line manager for 
Linux tools Sven Dummer. "There are 
still people who like to work with the 
command line, who like to work with the 
shell." That culture won't go away just 
because GUI tools are available, he said. 
"The two [cultures] will exist side by side. 
Many Linux developers like to switch 
between different tools. Freedom of 
choice is a high value for them." I 



UNDER WAY AT ECLIPSE 



Three projects that matter for Linux developers: 

C/C++ Development Tooling (www.eclipse.org/cdt): C/C++ is the 
language of choice for Linux developers, which makes CDT a 
key Eclipse project for that audience. The project delivered 
CDT 4.0 this summer, which, according to Wind River Systems 
senior engineering manager Doug Gaff, is "the best IDE out 
there for Linux development in general." 

Tools for Mobile Linux (www.eclipse.org/dsdp/tml): This project 
is essentially the Linux counterpart to Mobile Tools for Java, 
according to TML project lead Christian Kurzke, architect for 
developer tools at Motorola. Although it is still in the incuba- 
tion stage, its most significant contribution is expected to be 



mobile device emulation tools that simulate end-to-end 
environments for testing. Device emulation is crucial for 
embedded developers, who are often reguired to create mobile 
applications before hardware prototypes are available. 

PHP Development Tools (www.eclipse.org/pdt): Dynamic pro- 
gramming language PHP has a natural affinity with Linux, 
because PHP applications are designed for the Apache Web 
server, which runs Linux, said Zend product manager Yossi 
Leon, project leader for PDT. Still in the incubation phase, 
PDT was expected to deliver version 1.0 of the project last 
month. It will include an editor to develop PHP code and a 
debugger. 

—Jennifer deJong 
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FROM THE EDITORS 

Microsoft's Setback 
Is Good News 

Microsoft's failure to gain fast-track ISO approval for Office Open 
XML, the proprietary file formats used by Office 2007, is good 
news. We're encouraged that the international members of ISO resisted 
the company's attempt to ram an impossible specification through the 
standards process. We hope that those members remain strong and 
reject OOXML in its next bid for approval, in April 2008. 

At issue, frankly, is what a standard means. In theory, a standard 
should be clear and relatively unambiguous. It should serve the public 
interest by allowing different entities to create interoperable or compat- 
ible implementations. A standard should also provide an agreed-upon 
platform for future implementation. 

Microsoft's OOXML is none of those. It's a specification that's so 
incredibly convoluted that nobody outside of Microsoft will ever be able 
to implement it fully. That's what Microsoft wants, of course. If OOXML 
is approved by the ISO, the company can then sell its "standards-based" 
Office solutions to government entities. However, once those entities 
start creating documents in OOXML formats, they'll be locked into 
Microsoft's software to read and manipulate those documents. Also, busi- 
nesses and the general public will also need to buy Microsoft's software 
to read and manipulate those documents. Ka-ching! 

There is another document specification, approved by the ISO and wide- 
ly accepted by the industry: Open Document Format. Microsoft, as far as 
we can tell, has never explained why OOXML offers any public benefit over 
the already-approved (and far simpler) ODF specification. That's because, 
we believe, there isn't one. All OOXML offers is obfuscation and propri- 
etary lock-in. ISO did its job by sending it back to Microsoft for revision. 

BEA Stays a Step Ahead 

This year's BEAWorld conference took place in the shadow of 
VM ware's VM world 2007, but BEA Systems still managed to catch a 
glimmer of the spotlight when it announced its latest vision for SO A. Its 
vision is about visibility and collaboration, not about plumbing: BEA 
wants developers to stay in step with one another. 

BEA rolled out last year's vision (SOA 360) over the past year, updat- 
ing its AquaLogic, WebLogic and Tuxedo product lines. SOA 360 was the 
promise of integrated architectures throughout business. BEA has not 
yet fully delivered on that promise, but nevertheless has produced solid 
products that are on par with the best of its competition. 

The danger of "visions" is that they are often overarching. However, BEA 
does have a fair chance of standing out in the coming year. The idea behind 
this year's vision, Project Genesis, is to unite SOA and BPM with enterprise 
social computing. Enterprise social computing is where BEA stands out. 

Over the past year, BEA has launched innovative products that embrace 
social computing in a governed context that IT can trust and control. So, for 
example, a query in AquaLogic Pathways for documents tagged "SOA" will 
retrieve related persons and identify their expertise, much as Linkedln does. 

Those are products that are already on the market. By contrast, top 
competitors, such as IBM and Sun, are miles behind. In some cases, the 
competition hasn't started talking about the human factor yet. In other 
cases, they're talking but aren't delivering more than beta software with 
functionality. A Sun distinguished engineer discussed social computing 
during a presentation this summer but had nothing to show for it. 

BEA's latest deliverable is a new version of AquaLogic Registry Repos- 
itory, which is designed to normalize metadata that describes software 
artifacts and automate the collection of that metadata. 

BEA is well on its way to realizing the goals of Project Genesis, which 
has the potential to be a key differentiator. BEA continues to surprise, at 
first with the quality of its Java servers, and then with its SOA plumbing. 
We're delighted to see the innovation continue. I 



The Facade of Security 



Bob: Hey, that A] AX application we 
just deployed is registering methods that 
allow systemQ to he called. That's dan- 
gerous; we are vulnerable to attack! 

Alice: Well, the OW ASF -recommend- 
ed counter-measure is to implement a 
proxy facade. That will limit access to 
only the functions we want to permit. 

Bob: Great idea! We'll address the 
vulnerabilities in our code with 
more vulnerable code! Til get 
on that right away. 



Ion MacVittie 



Yes, that's right. The sug- 
gested solution to address 
vulnerable code is to write 
more code in the same lan- 
guage. Code that may be just 
as vulnerable as the original 
code it's meant to protect. If 
that sounds like protecting a 
sand wall with another sand wall, we 
that's because that is exactly what a 
code-based proxy facade ends up doing. 

A proxy facade acts as an interface to 
a system. It presents limited access into 
the system, and has the additional bene- 
fit of providing the opportunity to imple- 
ment additional functionality that may 
not be appropriate to implement within 
the actual system. 

A good example of a proxy facade is an 
ATM. The interface and therefore func- 
tionality presented to the user is a limited 
subset of the functionality available in a 
much more comprehensive system. The 
ATM proxy facade severely limits access 
to the broader service by controlling 
which functions the user can perform, 
and further restricts the type and amount 
of input that can be entered. 

A bad example of a proxy facade is 
the use case in which it is implemented 
in order to secure vulnerable code, espe- 
cially in a Web-based application. The 
facade of an ATM is hardened and 
secure; there's no real way for an attack- 
er to manipulate the facade when inter- 
acting with it. That's just not true with a 
Web-based application. 

A facade is defined as a "superficial 
appearance or illusion of something." In 
the case of securing code, that illusion is 
that more code — generally written in the 
same vulnerable language — can secure 
existing vulnerable code. In reality, I pre- 
fer another definition of facade: "a showy 
misrepresentation intended to conceal 
something unpleasant." Something un- 
pleasant indeed is being concealed with a 
proxy facade: vulnerable code. 

You could implement the proxy facade 
in another language, but that is likely to 
carry with it its own set of vulnerabilities 
and issues. Would you then implement 
another facade to secure that facade? 

Just how many sand walls are we 
going to build before we realize that we 
can't secure insecure code with more 
insecure code? 




FIRST COMMANDMENT OF SECURITY 

One of the primary reasons there are vul- 
nerabilities in applications is that as 
developers we still aren't following the 
first commandment of secure develop- 
ment: Thou shalt never trust the user. 

The ability to execute system-level 
commands in any language or toolkit 
comes about mainly because we don't do 
a good enough job of examin- 
ing user input and ensuring it 
doesn't contain malicious 
input, like an attempt to call 
system(). We check parame- 
ters to make sure they aren't 
null, we may even validate 
length if there is a use case 
that requires a specific mini- 
mum and maximum, but we 
don't generally examine the 
data in minute detail. We just 
want to make sure it's "close enough," 
but, quite frankly, when it comes to secu- 
rity, close enough is off by miles. 

It's ridiculous to assume that if we 
didn't properly validate the user input in 
the original code, we will properly vali- 
date the input in the proxy facade code. 
It's more likely we've just added anoth- 
er layer of complexity to the app with- 
out really addressing the original vul- 
nerability. 

Maybe, instead of validating user input 
on the server through a proxy facade, we'll 
use client-side code such as JavaScript or 
VBScript to validate user input. Hello?! If 
we don't routinely check for malicious 
content on the server side, how likely is it 
that we would check for the same on the 
client? Not likely. 

Trusting client-side validation has 
other issues — primarily that it can easily 
be subverted and ignored by attackers. 
Once I know the URL to which to sub- 
mit the request, it's a fairly simple task to 
craft the appropriate URL and query 
parameters (assuming it's a GET) to 
bypass the client-side validation, or to 
rewrite the page without the validation 
(if it uses POST) so I can submit whatev- 
er I want. 

IT'S STILL MADE OF SAND 

No matter how high, how thick or how 
many facades you code to protect your 
application, they're still all made of the 
same sand. The facade is still vulnerable 
to the same language- and platform- 
based vulnerabilities that will invariably 
crop up in the future, and instead of 
being tasked with addressing a new 
vulnerability in one application, you'll 
need to address it in two, or three or 
more. That's a lot of hours of develop- 
ment and testing — hours during which 
your application and your facade are 
vulnerable to attack. Hours that are 
more likely going to stretch into days or 
even weeks while you await the right 
"maintenance window" in which to 
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deploy the new patches. 

Basically, using insecure code any- 
where to secure insecure code should 
not be on anyone's list of best practices. 

USE BRICKS, NOT SAND 

The concept behind a proxy facade isn't a 
bad one. When you want to control access 
to a building, you erect a wall with a limit- 
ed number of entrances through which 
access can be easily controlled. The issue 
with implementing a proxy facade is that 
all too often it is implemented in the same 
vulnerable language as the original code 
or services it's meant to protect. 

Interestingly enough, while OWASP 
recommends as a counter-measure a 
code-based proxy facade, other Web appli- 
cation security-focused groups such as 
WASC (Web Application Security Consor- 
tium) recommend a Web application fire- 
wall — effectively a brick proxy facade — 
instead. For SOA and REST-based 
services, a gateway capable of implement- 
ing a brick proxy facade through service 
virtualization is also a good option. 

As developers, we tend to get our 
hackles up whenever the term "Web 
application firewall" comes up in con- 
versation. We are the kings of our sand 
castles after all, and woe unto those who 
speak ill of the king and suggest that per- 
haps we aren't capable of securing our 
own castle. Suggesting we may need 
some outside help tends to put us on the 
defensive. There's nothing we can't do 
with code, after all, given enough time. 

The problem is that we no longer 
have the time. We're overburdened with 
getting up to speed on emerging tech- 
nologies, maintaining existing applica- 
tions, troubleshooting defects, develop- 
ing new applications, and interfacing 
with business analysts. We are trying to 
cram every aspect of application devel- 
opment — security, integration, design, 
development, testing, process manage- 
ment, monitoring and performance — 
into one 24-hour day, and one person. 

It's just not possible to do it all and do 
it all well. That's why apps end up being 
vulnerable, why data validation routines 
aren't as thorough as they should be, and 
why every once in a while there are 
bugs — I mean random features — in our 
code. And adding yet another applica- 
tion — the proxy facade — to the list of apps 
that need securing, maintaining, testing 
and deploying exacerbates the problem 
and even further limits our available time. 

As developers, we need to start 
offloading redundant tasks and recogniz- 
ing when the answer isn't always "more 
code" but instead lies in an alternative 
solution. Building a proxy facade out of 
more sand just doesn't make sense. Build- 
ing one out of bricks will ensure that our 
sand castle really is protected for longer 
than it takes for the next wave of vulnera- 
bilities to crash into it and wash it away. I 

Lori MacVittie is technical marketing man- 
ager at F5 Networks, which sells appli- 
cation and network security products. 



LETTERS TO THE EDITOR 

Ada's Tried and Tested 



The article "When Failure Isn't an Op- 
tion," [Aug. 15, page 26] requires some 
clarification. It states that AdaCore is a 
member of the JSR 302 ("Safety Critical 
Java Technology") Expert Group. This is 
not accurate. A member of AdaCore's 
technical staff, Ben Brosgol, is an individ- 
ual member of that expert group, but he is 
not there representing AdaCore. 

One reason that AdaCore is not a cor- 
porate member of the JSR 302 group is 
that we have seen no interest in safety- 
critical Java from our customers. We pro- 
duce development environments for safe- 
ty-critical Ada systems, and our customers 
are much more interested in using tried 
and tested technology for a language — 
Ada — that was designed precisely for 
these sorts of applications, than to take the 
risk of moving to a language that intrinsi- 
cally introduces major complications into 
the certification process. 

We understand that some organiza- 
tions make technology decisions based on 
what's popular vs. what's technically more 
fit to purpose, and that was the essence of 
my quote: "Language choice has always 
been significantly a matter of personal 
taste and enthusiasm, and there are lots of 
Java enthusiasts around." Unfortunately 
the quote was positioned so as to make it 
look like I agreed with that rationale. 

As I explained in some other material 
that I furnished to the author, the real 
issue for managers of safety-critical pro- 
jects is not which specific language the 
staff is familiar with — a competent pro- 
grammer in any modern programming 
language should be able to learn a new 
language in short order. Rather, the more 
significant (and much harder to find) tal- 
ent is the ability to develop large, safe sys- 
tems, and that skill is rarely taught in uni- 
versities. Java brings no advantages here. 

Safety-critical Java is attracting a lot of 
"buzz" these days, in part because the 
technical issues that it raises tend to draw 



researchers who like to solve hard prob- 
lems. But it is still very much a work in 
progress, as the article notes, and frankly a 
much riskier choice than Ada for a com- 
munity that rightfully prides itself on con- 
servatism. From our vantage point, Java 
seems a language of chance, not a language 
of choice, for safety-critical applications. 

Robert Dewar 

President and CEO 

AdaCore 

OPEN DOCUMENT FORMAT EXISTS 

I am in complete agreement that the 
approval of the OOXML specification as 
an open standard would be major set- 
back in open communications and inter- 
operability ["Zeichick's Take: Microsoft 
OOXML Setback Is Good News," News 
on Thursday, Sept. 6]. An acceptable 
open standard exists in ODF. To insert 
OOXML as a so-called standard would 
be a step backward. If Microsoft wants 
to participate in the open standards 
arena, they are free to implement ODF. 

Frank Hill 

Sandersville, Ga. 

BUSINESS MUST DRIVE SOA 

Thanks for this excellent column ["Three 
Definitions of SOA," Aug. 1, page 40]. I'll 
spring for the latter two definitions: SOA 
is an enterprise strategy, and it is based on 
an architectural principle. It has to be dri- 
ven by business goals and underlying 
needs. In order to increase business agili- 
ty, services of the resulting "Goal-Driven 
Service Oriented Architecture" that are 
discovered on the basis of business goals 
must help their organization in aligning IT 
to changes swiftly and coherently. 
Birol Berkem 

Letters to SD Times should include the writer's name, 
company affiliation and contact information. Letters 
become the property of BZ Media and may be edited. 
Send to feedback@bzmedia.com. 
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Social Networking Growing, 
Says IPC 

The phrase "social networking" immediately 
brings Facebook and MySpace to mind, but a 
new report from IDC indicates that it's become 
big business and is going to get a lot bigger, 
soon. By 2009, the market for social network- 
ing applications is expected to be more than 
nine times the size it was in 2006, notes the 
study, "Social Networking Application Market 
Overview and Forecast," which predicts a jump 
from US$46.8 million to $428.3 million by 2009. 
The report also indicates that the signifi- 
cant market growth will be less dramatic after 
2011, as social networking functionality is built 
into core applications such as e-mail and 
instant messaging. 
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Is SOA Quality a Priority? 



SOA testing is in the media a bit these 
days as those who implement SOA 
have to make sure those new services, 
abstraction layers and orchestrations are 
ready for prime time. However, the com- 
mon approach to SOA deployment is: 
development now, requirements maybe, 
and testing if we have the time. You can't 
afford to make that mistake; there is too 
much on the line with this stuff. 

Indeed, a recent study by Nucleus 
Research discovered that existing SOA 
implementations achieved limited suc- 
cess when considering ROI. Only 37 per- 
cent of enterprises have achieved a posi- 
tive return on their investments from 
SOA deployments. While the root cause 
of these low ROI numbers can be attrib- 
uted to many factors, the key issues relate 
to a lack of planning and a lack of testing. 

Central to this problem is the fact that 
quality assurance, in general, is an often 
overlooked concept to most developers 
and designers. I mean, you're admitting 
that your code and resulting services 
need to be tested. How can that be? 

Moreover, those who run SOA pro- 
jects don't allocate a lot of time for test- 
ing, and typically when projects are 
behind, testing is sacrificed. But the 
complex nature of SOA means that test- 
ing is that much more important, con- 



sidering that mistakes and bad services 
can ripple throughout the architecture. 

There are many dimensions to SOA 
testing. They include services, process- 
es, performance, and holistic or system 
testing. 

Service-level testing is the most impor- 
tant, since core services are the founda- 
tion of the SOA. However, services are 
written very differently, de- 
pending upon the developer. 
Services may also be built on 
top of existing interfaces and 
APIs, and thus are even more 
complex and more in need of 
quality assurance testing, since 
you're placing an interface lay- 
er on top of an interface layer. 
It's a matter of validating the 
services for their intended use, 
verifying that the interfaces 
function correctly, and validating both 
WSDL and schema. Also, you need to 
consider diagnostics for design time and 
runtime, and make sure to address those 
older but important notions of unit, func- 
tional and regression testing. 

In addition to service-level testing, 
we have to test the way services are 
abstracted into processes and compos- 
ites. Since these are typically exposed as 
services themselves, it's just a matter of 




testing another level up from the core 
services, as units, and regressing down 
through the services that they leverage 
(unit and system). This is very much like 
testing object-oriented systems, but 
these guys have binary interfaces and 
heterogeneous development and run- 
time platforms, thus the complexity is 
much higher. 

Performance testing is 
perhaps just as critical, con- 
sidering that most of the qual- 
ity problems I run into when 
deploying SOA relate back to 
performance. Here is where 
you test against the SLAs 
established within the pro- 
ject, and learn how to spot 
bottlenecks, such as slow ser- 
vices, that can bring your 
SOA down to a crawl. Perfor- 
mance testing in the world of SOA is a 
matter of testing at the service, compos- 
ite, process and system levels. You look at 
overall performance first, then decom- 
pose the architecture down to functional 
primitives to isolate the system's problem 
components. You need to create an 
ongoing performance testing approach 
since so many performance issues devel- 
op over time as message and data traffic 
increases or changes. 



Testing services, however, requires 
testing tools, unless you plan to write your 
own, which I don't recommend. While 
there are a few players in the services/ 
SOA testing game, Mindreef's SOAP- 
scope Server is one of the few that I keep 
seeing in use. Mindreef provides tools for 
automated testing and debugging of Web 
services and SOA projects, from valida- 
tion of the service, testing to form and 
function, and performance testing. There 
are other tools as well, each taking a dif- 
ferent approach to SOA quality, so do 
your research. I would recommend only 
using tools that have well-defined 
approaches to testing, or step-by-step pro- 
cedures for leveraging their testing tools 
for your SOA. 

What's key here is to remember that 
you're testing an architecture, and not 
an application. Thus, the complexity of 
the system, and the approaches and 
tools used for testing, goes way up. It's 
important that you have a solid test plan, 
an arsenal of testing tools and tech- 
niques, and the time needed to test the 
architecture and correct any problems 
before they are found by the end user. 
Consider the systemic and business crit- 
ical nature of the architecture. 

Just to be very clear: Don't skimp on 
testing! I 

David S. Linthicum is a managing 
partner with Zapthink. Reach him at 
david@zapthink. com. 
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Open Documents: An Implemented View 



As a committer on the open source 
Platypus project (platypus.pz.org), I 
have a direct interest in the heated 
debate regarding approval of Microsoft's 
Office document formats as an interna- 
tional standard. Platypus uses a non- 
XML command language to specify doc- 
ument formatting, and it generates 
documents in one of three formats: 
PDF, HTML and, some day, aversion of 
Microsoft Word. (Other formats will 
surely be added, but those are the three 
we're starting with.) The PDF output is 
coming along well, and HTML recently 
got off the ground, but Word is stymied 
because we have no way of deciding 
which version of Word to code for. 

Our initial plan was to use Wordpro- 
cessingML, which is Microsoft's Office 
2003 XML document format. This format 
has the advantages of being able to be 
read in Office 2003 and 2007, and it's a 
clean spec that is fairly easy to implement. 
The problem is that it's a subset of what 
Word can deliver, and so I have to decide: 
Should we go with this 2003 subset or 
with the fuller 2007 format (which is what 
Microsoft is trying to push through the 
certification process)? Nothing prevents 
us from supporting both formats but the 
pragmatic recognition that time on Platy- 
pus comes out of the small wedge of dis- 



cretionary time its contributors can allot, 
so the idea of implementing the same for- 
mat two different ways has little appeal. 
Either way, we'd like to see some resolu- 
tion before the end of 2008, which is 
when we're likely to be finished imple- 
menting PDF and HTML functionality. 

My view on the debate over approval 
of Microsoft's formats by the Internation- 
al Organization of Standards 
(ISO) is that both Microsoft 
and opponents have confound- 
ed the debate by their mutual 
animosity. Microsoft has sub- 
mitted a 6,500-page proposal 
called Office Open XML 
(OOXML) for ratification. 
Among format standards this is 
very large. However, because it 
documents a de facto standard 
that evolved over many ver- 
sions of Windows, Excel and so on, there 
are lots of historical twists that require 
documentation. This aspect was particu- 
larly emphasized by IBM, which vehe- 
mently objected to a standard that 
includes a date field that has to be com- 
puted differently depending on which 
version of Office you're being compatible 
with. This argument has struck me as 
unconvincing. Of course in a green-field 
standard you wouldn't include such a silly 
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thing, but when you're codifying a histor- 
ical evolution, then you must include the 
ugly details. (Lots of ISO-approved stan- 
dards have similar junk in them. Look at 
the C++ standard for some examples.) 

Google has complained OOXML con- 
tains Windows artifacts such as bit fields 
that have nothing to do with documents 
per se, but are included because at one 
time they were part of the for- 
mat. Like IBM's complaint, 
this objection is too low-level. 
Implementers such as I am 
with Platypus don't have an 
issue with standards that are 
ugly from warts, knobby 
growths and scaly cruft. The 
PDF and HTML formats 
have plenty of that. Cruft is an 
expected effect of a document 
format. 

However, the complaints don't articu- 
late the core problem: Why carry forward 
any of the old silliness? Why didn't 
Microsoft in fact use a green-field 
approach to its XML formats? If there is 
a weird date field, clean it up in the XML 
and handle the translation back and forth 
through a converter. And then publish 
the source code to the converter. Then, 
we can all see the weird date thingy or the 
odd Windows bitfield and know that 



Microsoft will contain those embarrass- 
ments in order to provide pristine XML 
formats. This was the path that Redmond 
chose with its 2003 Office XML, after all. 
There is a reason for going green 
field, however unpleasant it might be to 
consider: By going to a new, clean XML 
format, Microsoft would have no defen- 
sible reason for not using the existing 
Office Open formats, which are clean 
and fairly well thought out. Why would 
we want another set of XML document 
formats? However, by offering the possi- 
bility of backward compatibility with the 
vast number of existing Office docu- 
ments, the Microsoft proposal has added 
value that it would not otherwise have. 
To expect the ISO to order Microsoft to 
abandon all the historical baggage is tilt- 
ing at windmills. Instead of opposing the 
proposal, what I want is a means of vali- 
dation. Give me the tools to validate how 
my generated document will look on 
Office XP and older versions of Office (a 
viewer with version-selection capabili- 
ties, for example, would do), and give 
me tools to convert old documents to 
and from the XML format. And give me 
source code to those tools. If I can see 
the mapping and can convert to and 
from other formats, OOXML will get no 
condemnation from me. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his blog at 
binstock.blogspot. com. 
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Sophistication About Concurrency 



11 1 1 ain't what you don't know that gets 
I you; it's what you think you know that 
ain't so." This aphorism credited to Will 
Rogers could be emblazoned above the 
workspace of any programmer interested 
in performance, especially performance 
relating to parallel programming. I was 
recently interviewed by Carl Franklin 
and Richard Campbell for the ".NET 
Rocks" podcast (www.dotnetrocks.com 
/default. aspx?showNum= 269), and while 
I generally achieved a level of reason, wit 
and overall wisdom otherwise unmatched 
in the history of recorded speech, this is a 
point that I wish I'd made a little stronger. 

A lot of discussion of parallel pro- 
gramming is based on a mental model of 
hardware that no longer holds true: a 
clockwork von Neumann model in which 
memory access and instruction execution 
take more or less the same amount of 
time. This is the model that we grew up 
with, and it's fantastic for understanding 
computer fundamentals. Unfortunately, 
the reality of computer hardware has 
diverged so much from this model that 
it's become counter-productive, at least 
as far as thinking about concurrency. 

The major fallacy that this model pro- 
motes is that coordination is "no big deal," 
that the retrieval of instructions and data 
from the "storage unit" is not something 



that needs to be included in thinking 
about how things work. With branch pre- 
diction, caches and out-of-order execu- 
tion, this model has been misleading for 
some time, but it's only now, as concur- 
rency rises to become the primary con- 
cern of performance, that the model has 
become actively misleading. 

A model that I prefer is to 
think of the processing unit 
(with multiple cores and 
chips, it seems wrong to speak 
of any single one as the "cen- 
tral" processing unit) as some- 
thing akin to a ziggurat or 
Incan step pyramid. At the 
pinnacle is a small area that is 
the center of action — the reg- 
isters. Ultimately, everything 
has to be moved to this level. 
Work at this level runs at a 
pace: less than a nanosecond to execute 
an instruction. (I can't say "nanosecond" 
without mentioning that light itself can 
barely make it around the perimeter of a 
CPU in that time.) 

The next steps down are more capa- 
cious, but still quite small in the 
scheme of things. These are the on- 
chip caches. Moving data from these 
levels to the registers takes some time, 
but basically these are the main work- 
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ing levels for high-performance code. 

Below the caches, the "steps" start 
becoming much more significant and 
start having room for much more data. 
There's a step for accessing main memo- 
ry, a step for crossing a process bound- 
ary, a huge step for accessing the disk 
(whether for virtual memory or persis- 
tent storage). The base of the 
ziggurat, I suppose, is the 
Internet, with its uncount- 
able petabytes of data and 
response times that can make 
a human impatient. 

Cores, chips, coprocessors 
I and grids create a kind of 
^f P Tikal of processing, albeit one 

with "bridges" between the 
pyramids at different steps. 
This model makes, I hope, 
the problem with purely automated con- 
currency clearer: The overhead of dis- 
tributing a calculation to the "next pyra- 
mid," retrieving the partial results, and 
then reassembling them into a coherent 
whole, is very large. Even loops doing 
complex calculations will generally take 
at least several hundred iterations (and 
often thousands) before distribution 
makes sense. And that's when talking 
about calculations distributed between 
cores, not over a cluster of machines! 




Larry 
O'BriBn 



True, when working with large data, 
such as multimedia, vectorizing loops is a 
no-brainer. But it's not sufficient (or wise) 
for many situations, and dependencies 
carried by the loop can zero out the bene- 
fits. The same logic, unfortunately, argues 
against the not-uncommon belief that a 
sufficiently smart library (or platform) can 
do the distribution. While platforms will 
undoubtedly add more and more asyn- 
chronous capabilities, concurrent perfor- 
mance can only be regularly achieved with 
a programmer-provided hint. 

Which is to say: code. Programming 
languages and the people who use them 
are going to have to incorporate more 
sophisticated concurrent programming 
models, as I discussed in my previous 
column ("Talkin' Concurrency," Sept. 
15, page 57) and which I discussed in 
the podcast. 

And as far as the level of reason, wit 
and overall wisdom achieved in the pod- 
cast: How stupid am I to invoke Will 
Rogers and a quote about overconfidence 
when pointing people to a podcast of me 
talking about something as complex as 
concurrent programming models? There 
are probably things in the podcast that 
are not just wrong, but positively moron- 
ic. Please write and let me know what 
they are. It's the only way I'll learn. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his hlog at 
www. knowing, net. 
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Application life-cycle management, or 
ALM, has done a 180, which could 
be described as a turn for the better. 

The term was first foisted upon the 
development world by makers of soft- 
ware tools for modeling, requirements, 
testing, SCM and writing code. Instead 
of using individual tools from a variety 
of makers, companies in the ALM 
space began to offer the com- 
plete array, arguing that 
tighter integration between 
tools made life easier for 
development organizations. 
Also, these companies rea- 
soned, if they offered a total 
tool package, it would mean 
more business for them. 
IBM, with its Rational suite, 
was a leader here. Other 
companies such as Borland 
(and its CodeGear division) 
and Telelogic acquired their way into 
ALM; MKS spun its own tools into a 
share of that market. And with good 
reason: IDC expects the ALM market 
to grow to US$3.3 billion by 2009. 

ALM became a war of the check box. 
Companies would point to the offerings 
of others and declare, "They don't have 
a requirements tool. They're not ALM!" 

But now, with what Forrester 
Research analyst Carey Schwaber is 
defining as "ALM 2.0," the emphasis 
seems to be shifting from tools to 
processes. 

Granted, this is a market that has 
been seeking direction for a while. Ser- 
ena, for example, changed its emphasis 
from ALM to IT change governance, 
and now is focused on Web 2.0-style 
mashups. Telelogic is taking a much 
broader view of ALM with its acquisi- 
tion of Popkin Software and its empha- 
sis on enterprise architecture. And 
Microsoft, which introduced Visual 
Studio Team System in 2005, finds 
itself in the serendipitous spot of sup- 
porting development processes with 
the tooling, but without being tied to 
any one particular process. 

But the new players in the ALM 2.0 
space aren't traditional tool companies. 



CollabNet, for instance, is making a 
strong play, noting it has the distributed 
aspect of development down, and 
enough tools — Subversion for SCM, 
the CUBiT virtualization platform, 
issues and requirements tracking and 
project management — to get develop- 
ment shops started down the road to 
process-based ALM. Rally Software 
sees itself as the agile 
process hub to the applica- 
tion life cycle, regardless of 
IDE, build system and test- 
ing tools. And project man- 
agement company Good 
Software is using the Eclipse 
framework to create a place 
where tools can plug in to its 
OpenUP-based process. 
What happened here? 
■**J-U Did software as a service cut 
the legs out from underneath these tra- 
ditional ALM vendors? Were customers 
clamoring for the ability to use a variety 
of tools from different companies and tie 
them together? Is this simply another 
response to the need for companies to 
be flexible and agile in their develop- 
ment processes? 

Schwaber isn't sure what has driven 
this shift. She suspects the move toward 
hosted source code, such as the reposi- 
tory offered by CollabNet, might have 
had something to do with it. "People 
said, 'Why not put the tools there too?' " 
ALM, as first defined, simply meant 
having tools for every part of the life 
cycle. Now, the definition has morphed 
into the glue that ties it all together. 
And companies such as CollabNet, 
Kovair and Rally have found that they 
can provide the glue, without providing 
the individual practitioner tools. 
"That's why you see small players 
getting in [the market] quickly. The 
barrier to entry is much lower, and it 
makes the market more competitive," 
Schwaber said. 

This, of course, is not to say that 
there isn't a place for the tools 
providers. After all, the folks offering 
the glue aren't offering tools, so we 
could see a return to the cobbled, 



"best-of-breed" solutions that software 
sellers told us wouldn't work as well as 
a single, integrated solution. That's 
been the message from MKS; its own 
homegrown tools had the kind of tight 
integration the other ALM suppliers 
couldn't achieve with acquisition upon 
acquisition. 

Even IBM, with its Rational suite, 
couldn't get its integration act together, 
according to Schwaber. "Before Jazz, 
did IBM have integrated tools? Every 
year they'd say they improved the inte- 
grations, but they never quite got it 
done." IBM's tools, she claimed, were 
so difficult for customers to implement 
that they simply weren't bothering. "To 
get ALM from IBM today, you need to 
buy all the tools and then the services 
to tie them all together. That's much 
more costly than turning on CollabNet 
tomorrow." 

ALM 2.0 — "I coined the term, and I 
don't even really like it," Schwaber 
admitted — involves moving toward a sin- 
gle-repository solution. But she acknowl- 
edged this is difficult, and not likely to 
occur. "The better solution is a wrapper 
on top of all the repositories. Maybe Jazz 
will sit on top of ClearCase and Web- 
Sphere and Subversion," she said. 

Borland, er, CodeGear, is also on 
board. JBuilder product manager Joe 
McGlynn said the development team 
has adopted agile practices, and now 
they're looking at open source tools and 
best practices, such as Subversion, with 
Continuum for continuous integration, 
and Bugzilla for defect tracking. Bor- 
land has created a feature set called 
Team Insight, which includes some- 
thing called Project Assist — the glue 
that will hold together practitioner 
tools, either from Borland or the open 
source community. "We're creating a 
pluggable platform, an a la carte sys- 
tem," McGlynn said. 

If it seems like we've been around 
this track before, it's simply because we 
have. But anything that gives develop- 
ment organizations choice and flexibility, 
and that results in better software creat- 
ed more quickly, with more value for the 
organization, should be embraced. I 

David Rubinstein is editor-in-chief of 
SD Times. 
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VMware has acquired IT process orchestration software provider 
Dunes Technologies for an undisclosed sum. The Dunes orches- 
tration platform will allow VMware to automate the VM life cycle, 
from requisition to decommissioning, while workinq alonqside 
VMware manaqement and automation tools, accordinq to Raqhu 
Raqhuram, VMware's vice president of products and solutions. 
"With our products, VMware customers will be able to implement 
best practice operational processes for virtual infrastructure and 
ensure strict compliance with corporate IT standards and policies," 
said Stefan Hochuli Paychere, co-founder and CTO of Dunes 
. . . Sun Microsystems' coveted Zetabyte File System came under 



leqal attack on Sept. 5, when NetApp filed suit aqainst Sun in a 
Texas U.S. District Court, alleging that Sun's file system violates 
NetApp patents. The company is seekinq a permanent injunction 
aqainst Sun to prevent it from selling products that use or are 
derived from ZFS. NetApp is also claiminq that it does not infrinqe 
Sun patents in its own products, somethinq Sun representatives 
allegedly accused the company of doinq in 2006 . . . Microsoft has 
acquired Parlano, maker of the enterprise qroup chat software 
MindAliqn. Financial terms were not disclosed. Microsoft will build 
the technoloqy into its Office Communications Server and Office 
Communicator desktop software for IM, conferencinq and VoIP. I 
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